Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
IvanEspinoza
New Contributor

FortiGate 50E in transparent mode between three ISP Routers and a switch Core

Hi Dears,

 

Please could you help me, I'm trying to install a FortiGate between three routers working with VRRP and a switch core.

 

Before the installation the three routers are connected directly to switch core and all works fine the conmutation of VRRP, the traffic, etc.

 

But when I install the FortiGate in transparent mode between the three ISP routers are problems in the conmutation between routers to be the VRRP master (when the R1 is inoperative), sometimes other router like ISP2 R2 goes to VRRP master mode but the traffic is not passing for the wan port in Fortigate associated to this ISP2 R2 router, we are tried to do many discards like policys, mac address table, arp table, but is not working yet.

 

Please could you give me some recomendations or what configuration will be necessary to apply in the fortigate.

 

I'm attaching the configuration file and a topology to give an idea of the scenario.

 

Thank very much for your answers.

 

configuration

 

#config-version=FGT50E-6.0.4-FW-build0231-190107:opmode=0:vdom=1:user=admin #conf_file_ver=162504382649291 #buildno=0231 #global_vdom=1 config vdom edit root next edit MGMT next end config global config system global     set alias "FGT50E5618000084"     set hostname "FGT50E5618000084"     set timezone 04     set vdom-admin enable end config system accprofile     edit "prof_admin"         set secfabgrp read-write         set ftviewgrp read-write         set authgrp read-write         set sysgrp read-write         set netgrp read-write         set loggrp read-write         set fwgrp read-write         set vpngrp read-write         set utmgrp read-write         set wifi read-write     next     edit "monitor"         set secfabgrp read         set ftviewgrp read         set authgrp read         set sysgrp read         set netgrp read         set loggrp read         set fwgrp read         set vpngrp read         set utmgrp read         set wifi read     next end config system interface     edit "wan1"         set vdom "root"         set allowaccess ping fgfm         set l2forward enable         set stpforward enable         set status down         set type physical         set alias "telefonica"         set role wan         set snmp-index 1     next     edit "wan2"         set vdom "root"         set allowaccess ping fgfm         set l2forward enable         set stpforward enable         set type physical         set alias "internexa"         set role wan         set snmp-index 2     next     edit "modem"         set vdom "root"         set type physical         set snmp-index 3     next     edit "ssl.MGMT"         set vdom "MGMT"         set type tunnel         set alias "SSL VPN interface"         set snmp-index 12     next     edit "lan1"         set vdom "MGMT"         set ip 10.11.24.4 255.255.254.0         set allowaccess ping https ssh snmp         set type physical         set alias "MGMT"         set device-identification enable         set role lan         set snmp-index 8     next     edit "lan2"         set vdom "root"         set allowaccess ping fgfm         set l2forward enable         set stpforward enable         set type physical         set alias "internexa"         set device-identification enable         set role lan         set snmp-index 9     next     edit "lan3"         set vdom "MGMT"         set ip 10.99.99.99 255.255.255.0         set allowaccess ping https ssh http fgfm         set type physical         set snmp-index 10     next     edit "lan4"         set vdom "root"         set allowaccess ping fgfm         set l2forward enable         set stpforward enable         set type physical         set alias "Lan Cliente"         set snmp-index 11     next     edit "lan5"         set vdom "root"         set l2forward enable         set stpforward enable         set type physical         set alias "wan3"         set snmp-index 13     next end config system physical-switch     edit "sw0"         set age-val 0     next end config system custom-language     edit "en"         set filename "en"     next     edit "fr"         set filename "fr"     next     edit "sp"         set filename "sp"     next     edit "pg"         set filename "pg"     next     edit "x-sjis"         set filename "x-sjis"     next     edit "big5"         set filename "big5"     next     edit "GB2312"         set filename "GB2312"     next     edit "euc-kr"         set filename "euc-kr"     next end config system admin     edit "admin"         set accprofile "super_admin"         set vdom "root"         config gui-dashboard             edit 1                 set name "Main"                 config widget                     edit 1                         set x-pos 1                         set y-pos 1                         set width 1                         set height 1                     next                     edit 2                         set type licinfo                         set x-pos 2                         set y-pos 1                         set width 1                         set height 1                     next                     edit 3                         set type forticloud                         set x-pos 3                         set y-pos 1                         set width 1                         set height 1                     next                     edit 4                         set type security-fabric                         set x-pos 4                         set y-pos 1                         set width 1                         set height 1                     next                     edit 5                         set type admins                         set x-pos 5                         set y-pos 1                         set width 1                         set height 1                     next                     edit 6                         set type cpu-usage                         set x-pos 6                         set y-pos 1                         set width 2                         set height 1                     next                     edit 7                         set type memory-usage                         set x-pos 7                         set y-pos 1                         set width 2                         set height 1                     next                     edit 8                         set type sessions                         set x-pos 8                         set y-pos 1                         set width 2                         set height 1                     next                 end             next             edit 2                 set name "Main"                 set scope vdom                 config widget                     edit 1                         set type cpu-usage                         set x-pos 1                         set y-pos 1                         set width 2                         set height 1                     next                     edit 2                         set type memory-usage                         set x-pos 2                         set y-pos 1                         set width 2                         set height 1                     next                     edit 3                         set type sessions                         set x-pos 3                         set y-pos 1                         set width 2                         set height 1                     next                     edit 4                         set type tr-history                         set x-pos 3                         set width 2                         set height 1                         set interface "wan1"                     next                     edit 5                         set type tr-history                         set x-pos 4                         set width 2                         set height 1                         set interface "lan4"                     next                     edit 6                         set type tr-history                         set x-pos 5                         set width 2                         set height 1                         set interface "wan2"                     next                     edit 7                         set type tr-history                         set x-pos 6                         set width 2                         set height 1                         set interface "lan5"                     next                 end             next         end         set password ENC SH2771e6GwlwrspNde0BXz/FjV1uxmMwOnccz7c8ihe6mnNDXtjdr0+DrIXqsU=     next     edit "monitor"         set accprofile "monitor"         set vdom "MGMT" "root"         set password ENC SH26W736ZxC32ynx1Un4T+MmHM7vhB64Z1/UQOK0zfhHw2cz0E+19vtvImqpNo=     next end config system ha     set override disable end config system dns     set primary 1.2.3.4     set secondary 2.3.4.5 end config system replacemsg-image     edit "logo_fnet"         set image-type gif         set image-base64 ''     next     edit "logo_fguard_wf"         set image-type gif         set image-base64 ''     next     edit "logo_fw_auth"         set image-base64 ''     next     edit "logo_v2_fnet"         set image-base64 ''     next     edit "logo_v2_fguard_wf"         set image-base64 ''     next     edit "logo_v2_fguard_app"         set image-base64 ''     next end config system replacemsg mail "email-av-fail" end config system replacemsg mail "email-block" end config system replacemsg mail "email-dlp-subject" end config system replacemsg mail "email-dlp-ban" end config system replacemsg mail "email-filesize" end config system replacemsg mail "partial" end config system replacemsg mail "smtp-block" end config system replacemsg mail "smtp-filesize" end config system replacemsg mail "email-decompress-limit" end config system replacemsg mail "smtp-decompress-limit" end config system replacemsg http "bannedword" end config system replacemsg http "url-block" end config system replacemsg http "urlfilter-err" end config system replacemsg http "infcache-block" end config system replacemsg http "http-block" end config system replacemsg http "http-filesize" end config system replacemsg http "http-dlp-ban" end config system replacemsg http "http-archive-block" end config system replacemsg http "http-contenttypeblock" end config system replacemsg http "https-invalid-cert-block" end config system replacemsg http "http-client-block" end config system replacemsg http "http-client-filesize" end config system replacemsg http "http-client-bannedword" end config system replacemsg http "http-post-block" end config system replacemsg http "http-client-archive-block" end config system replacemsg http "switching-protocols-block" end config system replacemsg webproxy "deny" end config system replacemsg webproxy "user-limit" end config system replacemsg webproxy "auth-challenge" end config system replacemsg webproxy "auth-login-fail" end config system replacemsg webproxy "auth-group-info-fail" end config system replacemsg webproxy "http-err" end config system replacemsg webproxy "auth-ip-blackout" end config system replacemsg ftp "ftp-av-fail" end config system replacemsg ftp "ftp-dl-blocked" end config system replacemsg ftp "ftp-dl-filesize" end config system replacemsg ftp "ftp-dl-dlp-ban" end config system replacemsg ftp "ftp-explicit-banner" end config system replacemsg ftp "ftp-dl-archive-block" end config system replacemsg nntp "nntp-av-fail" end config system replacemsg nntp "nntp-dl-blocked" end config system replacemsg nntp "nntp-dl-filesize" end config system replacemsg nntp "nntp-dlp-subject" end config system replacemsg nntp "nntp-dlp-ban" end config system replacemsg nntp "email-decompress-limit" end config system replacemsg fortiguard-wf "ftgd-block" end config system replacemsg fortiguard-wf "http-err" end config system replacemsg fortiguard-wf "ftgd-ovrd" end config system replacemsg fortiguard-wf "ftgd-quota" end config system replacemsg fortiguard-wf "ftgd-warning" end config system replacemsg spam "ipblocklist" end config system replacemsg spam "smtp-spam-dnsbl" end config system replacemsg spam "smtp-spam-feip" end config system replacemsg spam "smtp-spam-helo" end config system replacemsg spam "smtp-spam-emailblack" end config system replacemsg spam "smtp-spam-mimeheader" end config system replacemsg spam "reversedns" end config system replacemsg spam "smtp-spam-bannedword" end config system replacemsg spam "smtp-spam-ase" end config system replacemsg spam "submit" end config system replacemsg alertmail "alertmail-virus" end config system replacemsg alertmail "alertmail-block" end config system replacemsg alertmail "alertmail-nids-event" end config system replacemsg alertmail "alertmail-crit-event" end config system replacemsg alertmail "alertmail-disk-full" end config system replacemsg admin "pre_admin-disclaimer-text" end config system replacemsg admin "post_admin-disclaimer-text" end config system replacemsg auth "auth-disclaimer-page-1" end config system replacemsg auth "auth-disclaimer-page-2" end config system replacemsg auth "auth-disclaimer-page-3" end config system replacemsg auth "auth-reject-page" end config system replacemsg auth "auth-login-page" end config system replacemsg auth "auth-login-failed-page" end config system replacemsg auth "auth-token-login-page" end config system replacemsg auth "auth-token-login-failed-page" end config system replacemsg auth "auth-success-msg" end config system replacemsg auth "auth-challenge-page" end config system replacemsg auth "auth-keepalive-page" end config system replacemsg auth "auth-portal-page" end config system replacemsg auth "auth-password-page" end config system replacemsg auth "auth-fortitoken-page" end config system replacemsg auth "auth-next-fortitoken-page" end config system replacemsg auth "auth-email-token-page" end config system replacemsg auth "auth-sms-token-page" end config system replacemsg auth "auth-email-harvesting-page" end config system replacemsg auth "auth-email-failed-page" end config system replacemsg auth "auth-cert-passwd-page" end config system replacemsg auth "auth-guest-print-page" end config system replacemsg auth "auth-guest-email-page" end config system replacemsg auth "auth-success-page" end config system replacemsg auth "auth-block-notification-page" end config system replacemsg auth "auth-quarantine-page" end config system replacemsg auth "auth-qtn-reject-page" end config system replacemsg sslvpn "sslvpn-login" end config system replacemsg sslvpn "sslvpn-header" end config system replacemsg sslvpn "sslvpn-limit" end config system replacemsg sslvpn "hostcheck-error" end config system replacemsg ec "endpt-download-portal" end config system replacemsg ec "endpt-download-portal-mac" end config system replacemsg ec "endpt-download-portal-linux" end config system replacemsg ec "endpt-download-portal-ios" end config system replacemsg ec "endpt-download-portal-aos" end config system replacemsg ec "endpt-download-portal-other" end config system replacemsg ec "endpt-warning-portal" end config system replacemsg ec "endpt-warning-portal-mac" end config system replacemsg ec "endpt-warning-portal-linux" end config system replacemsg ec "endpt-remedy-inst" end config system replacemsg ec "endpt-remedy-reg" end config system replacemsg ec "endpt-remedy-ftcl-autofix" end config system replacemsg ec "endpt-remedy-av-3rdp" end config system replacemsg ec "endpt-remedy-ver" end config system replacemsg ec "endpt-remedy-os-ver" end config system replacemsg ec "endpt-remedy-vuln" end config system replacemsg ec "endpt-remedy-sig-ids" end config system replacemsg ec "endpt-remedy-ems-online" end config system replacemsg ec "endpt-ftcl-incompat" end config system replacemsg ec "endpt-download-ftcl" end config system replacemsg ec "endpt-quarantine-portal" end config system replacemsg device-detection-portal "device-detection-failure" end config system replacemsg nac-quar "nac-quar-virus" end config system replacemsg nac-quar "nac-quar-dos" end config system replacemsg nac-quar "nac-quar-ips" end config system replacemsg nac-quar "nac-quar-dlp" end config system replacemsg nac-quar "nac-quar-admin" end config system replacemsg nac-quar "nac-quar-app" end config system replacemsg traffic-quota "per-ip-shaper-block" end config system replacemsg utm "virus-html" end config system replacemsg utm "client-virus-html" end config system replacemsg utm "virus-text" end config system replacemsg utm "dlp-html" end config system replacemsg utm "dlp-text" end config system replacemsg utm "appblk-html" end config system replacemsg utm "ipsblk-html" end config system replacemsg utm "ipsfail-html" end config system replacemsg utm "exe-text" end config system replacemsg utm "waf-html" end config system replacemsg utm "outbreak-prevention-html" end config system replacemsg utm "outbreak-prevention-text" end config system replacemsg icap "icap-req-resp" end config system snmp sysinfo end config system central-management     set type fortiguard end config firewall wildcard-fqdn custom     edit "g-adobe"         set uuid 62095e0c-24b6-51e9-fd50-c1cfaea313c9         set wildcard-fqdn "*.adobe.com"     next     edit "g-Adobe Login"         set uuid 62097004-24b6-51e9-513f-aff9cf810e2b         set wildcard-fqdn "*.adobelogin.com"     next     edit "g-android"         set uuid 62097df6-24b6-51e9-caeb-ef4d3f190810         set wildcard-fqdn "*.android.com"     next     edit "g-apple"         set uuid 62098abc-24b6-51e9-1ce8-ac891bfb4861         set wildcard-fqdn "*.apple.com"     next     edit "g-appstore"         set uuid 62099750-24b6-51e9-a356-ed8ea5c98d71         set wildcard-fqdn "*.appstore.com"     next     edit "g-auth.gfx.ms"         set uuid 6209a3e4-24b6-51e9-c323-ed1fbbf15ccf         set wildcard-fqdn "*.auth.gfx.ms"     next     edit "g-citrix"         set uuid 6209b2bc-24b6-51e9-5cd4-b5050922c021         set wildcard-fqdn "*.citrixonline.com"     next     edit "g-dropbox.com"         set uuid 6209c07c-24b6-51e9-10d1-2e897d56a4e0         set wildcard-fqdn "*.dropbox.com"     next     edit "g-eease"         set uuid 6209cd2e-24b6-51e9-3e65-2968d77f120d         set wildcard-fqdn "*.eease.com"     next     edit "g-firefox update server"         set uuid 6209d9cc-24b6-51e9-3e71-3a2404fa2f9b         set wildcard-fqdn "aus*.mozilla.org"     next     edit "g-fortinet"         set uuid 6209e674-24b6-51e9-c57e-d0598549ff65         set wildcard-fqdn "*.fortinet.com"     next     edit "g-googleapis.com"         set uuid 6209f4c0-24b6-51e9-df8f-0e829e426c7d         set wildcard-fqdn "*.googleapis.com"     next     edit "g-google-drive"         set uuid 620a01a4-24b6-51e9-1122-ef9626bda333         set wildcard-fqdn "*drive.google.com"     next     edit "g-google-play2"         set uuid 620a0e6a-24b6-51e9-6d47-eccb4a033048         set wildcard-fqdn "*.ggpht.com"     next     edit "g-google-play3"         set uuid 620a1b1c-24b6-51e9-e591-2ef9d159a928         set wildcard-fqdn "*.books.google.com"     next     edit "g-Gotomeeting"         set uuid 620a27ba-24b6-51e9-4380-bd3ac82db229         set wildcard-fqdn "*.gotomeeting.com"     next     edit "g-icloud"         set uuid 620a39e4-24b6-51e9-7a5d-ffef574171f3         set wildcard-fqdn "*.icloud.com"     next     edit "g-itunes"         set uuid 620a4902-24b6-51e9-b118-dc02f0577f69         set wildcard-fqdn "*itunes.apple.com"     next     edit "g-microsoft"         set uuid 620a5604-24b6-51e9-8a25-7dceb362ea9c         set wildcard-fqdn "*.microsoft.com"     next     edit "g-skype"         set uuid 620a62de-24b6-51e9-b1e3-1c04ec2e2e1c         set wildcard-fqdn "*.messenger.live.com"     next     edit "g-softwareupdate.vmware.com"         set uuid 620a6f90-24b6-51e9-a136-1beec3f2cf7d         set wildcard-fqdn "*.softwareupdate.vmware.com"     next     edit "g-verisign"         set uuid 620a7c38-24b6-51e9-ea8f-9b3e047e8298         set wildcard-fqdn "*.verisign.com"     next     edit "g-Windows update 2"         set uuid 620a88e0-24b6-51e9-8e2c-0a9f527d4d8a         set wildcard-fqdn "*.windowsupdate.com"     next     edit "g-live.com"         set uuid 620a9592-24b6-51e9-e10f-d1aefbd77e8d         set wildcard-fqdn "*.live.com"     next end config ips sensor     edit "g-default"         set comment "Prevent critical attacks."         config entries             edit 1                 set severity medium high critical             next         end     next     edit "g-sniffer-profile"         set comment "Monitor IPS attacks."         config entries             edit 1                 set severity medium high critical             next         end     next     edit "g-wifi-default"         set comment "Default configuration for offloading WiFi traffic."         config entries             edit 1                 set severity medium high critical             next         end     next end config application list     edit "g-default"         set comment "Monitor all applications."         config entries             edit 1                 set action pass             next         end     next     edit "g-sniffer-profile"         set comment "Monitor all applications."         unset options         config entries             edit 1                 set action pass             next         end     next     edit "g-wifi-default"         set comment "Default configuration for offloading WiFi traffic."         set deep-app-inspection disable         config entries             edit 1                 set action pass                 set log disable             next         end     next end config dlp sensor     edit "g-default"         set comment "Default sensor."     next     edit "g-sniffer-profile"         set comment "Log a summary of email and web traffic."         set flow-based enable         set summary-proto smtp pop3 imap http-get http-post     next end config certificate ca end config certificate local     edit "Fortinet_CA_SSL"         set password ENC PuOM4gHkHuJPcL3+KLTzJH++aocij+h9mpsNxI0X82ZcYhAnP8YpKcV+CwfZMnY81vMazAO2gDkfJroysgzUW4UWPSkLKNFp13XLcKR4BJv67mYP4w2V4H2SuR4HeDCe+lVAE6qXYLy7bmjC3bYWJaLaOyFZssmJMcI5wAnxb0PFxZwWPMwxaL7Sl5NMLCZWECsDaQ==         set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIkArPVFfU6OQCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNCAv5ygMcoaBIIEyOhfnoarkixr lBi9oyZcxaphdb6sR3WRbHcHuVeFl+cHC878rHsYOIHrT5QUq8hnL+8ab0IfC4J/ ZmsaT1XZXqQzBwBSqXYJSOTJqQicC22WJyYfRoQjac61PiWdg5P3QQLyEItANg90 UG4/PFikcHaPGv1eb2VoTxTb+vCRpgJFz0Oew0kde1PxFv9b5DwVWKlLPNSRL5tE bvauVCWPOuRjWrdui947qvlYlMvVpaeeWWPMuIsRM36urHcBKGisNeWz9/aRC23b dUPZ2KyKySRzA55+vaKqPEpsFBb8Q5uqFMjD0l5euzpJ64/pc1at2k9LdCevB4GQ LjBqKrTNvHoIWqV/LmtPUw+cbXgxcYHraDjV6kOYXhzy/4OYSiuD3eRuwfzczvqm 8MiJyEcH6xR+jEL2JLR0I+IXMm4+tqyKHaBlISIbziV5c05kbxXuqswqLfX9aAPD GUEQRu8OBwplWgDm3NlIFdZ101K7NzswP6ugMXMa19ixndpvf86WVgLH6CEkLwuu UZbeO/h3z12VPNGnGEFAoG/XzgPzyFUlE9sC0Le4KzfCtVodGaIj1Z9lZLbjdj2e ZtCLOE+ma0QRzpVmgkiAGRr6Dng+XMoBRwXoAG+fUDMKHAylENcEOEcLtzrPiPcF 2DvZYw8Z0TpAitcRDSLEwdtE/CpFR/RWzwzS3lz8CxhvsmkxBxCAOz6N7qwJo4mE 27UKoRp7Zspgxo5jYwRhsP10/nXy62tGKr5TM8p9B/LGFmjCuYr0ubZyK2vd09g0 DbtrUxXP2p3ol+t8oK84mq2eLf73B/g9nHXQ1NBBQiljFVvOmSbNKrnDRIfdjhgE QCvUfWNjgTtXH1PzMW6aocIbdWUbXsX8hVp349w4OlG7st8yQ+X+Oz1VpS6vKCZW 9ZxrUpFEQ52JHW1xbZS/Ivs5eWkVgclGoI2ZUuxQymrYKFlLfqQWGstmpmuGvDDs 2wqKXjyk+DEKFsTabWJK2baVLZPLcHa3u35dAImoopQTUpkuRRyNrY5WlNYH+lzx n1L4+2CocJD9FbaILiUrcRwHQL7MCd9pxS1c3j+nuVXfsHDve14EEl2cPvTXZBQB ogk2u+8YcNbISpQQYd1rfpeT1+mycDAWWj/NVMt3YiTHO/sQvqxL6UITDhJs4dXN pQCJlYnQrJBQH2lqENerhMKxKSzx6mPWB0VpWFazlbQFOsSa9lzhlv1N70yD2OtP Gg7TtJtyMskQHQaT5QSRfQgc+aERIyDUiAZWwEuKeRbAlLsy4Odvbmk3nCZCXLR3 Xe1j/kUmzIqvRogaOIuawkFdW0C4xyF0DBqlATLhAROjWsc5MAtmd+ekO3cUyJ7J b76lf5RWMGr8e7SHACKstz9rtPZPC01zs8gcbi1/YOMx9J7JP6F24hSYiryiX0lT ToNaq02lhqZfqVbD0/lx2PIVaCUEuJx2uH9C4elZridg//7FjuqNsl8zfdMIKf1/ LPGLKwwRUK/qSx7xfn0cuWC1MIasGTH/zPlcs9CLHIH7jKpy7E16atUnGtGaoQ2m haGheXmMWAQN2dnGKePTxA+abvVd3Jh2N6sMioAaHKluJJj6h6WAow2kxEGYdnqx pkyXFxSVNNKfyIO9lOz+LQ== -----END ENCRYPTED PRIVATE KEY-----"         set certificate "-----BEGIN CERTIFICATE----- MIID4jCCAsqgAwIBAgIEDkzaHjANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZ MBcGA1UEAwwQRkdUNTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9y dEBmb3J0aW5ldC5jb20wHhcNMTkwMTMwMTczOTQ4WhcNMjkwMTMwMTczOTQ4WjCB qTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1 bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRl IEF1dGhvcml0eTEZMBcGA1UEAwwQRkdUNTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3 DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQC/qC2nnp7fT83LX5IuTwGzgma6yay1PHpVRYnHwInUvZrOGzIz TGxl8Ld5VM3/BKEc7r/9a+miS9lxKN+wnDYKh2NOx5yY5PxRyavFwcvbvnlKz/oL S3GgoO/7IEYabk00Br0Ro24ij/I+5/AoQIcqy2R32HFGQX6yBFZQFgCprn1gOe5a Avd7f/O1MzNTctmsShHoGKh80DXHSkaX1dSQ85O9ACahxi9+mDS9PiDeu1lXmmgG HAu7PwtDeqYB5+IOraGULX2fFmzxNG89578oywIPb9JVxbmmCwYJnOQwcD3ogEuK GO3UXRSWw9C8G944jPcYxPkwUTF3LkH7C1PbAgMBAAGjEDAOMAwGA1UdEwQFMAMB Af8wDQYJKoZIhvcNAQELBQADggEBAGlvyq9z6ChLZrcpSOjn8c5mnmQRIq42uVdv sQ5MHptyUkxkpW4UV8ttt5MWDm4e7AJvgoS/hZcN4Whp8oP2J0MtZK3c+O6lH99K mYeAqwr3GtldUW5LAnUYImx1C3GSt8WvkmF7Lovr6zEsnb7DAN7dGRJrKgA8e4/r wJMcSdUnwODKPr8bEILyr2tyy6R4CHDzLnBKjDhMQkzLDqj9g2W/8QtrXFRQXub1 LR0Gosu+RGZsQjGDSF2uBVKccEHOXVhfAu+xArltzvapfwYGPsWLLya4CnpWvBux QflZ707Ylzl+pxyz84DeKhcdQ95KFfT6ov+b4vEKm50/bVeWadQ= -----END CERTIFICATE-----"         set source factory         set last-updated 1548869986     next     edit "Fortinet_CA_Untrusted"         set password ENC YOqhDAOzfj/CDMo1t5IT/TLTmzIflAyTjclbiA4ewlrelByUbSs/QKUwkFnqkYLnlzVH+JJD3n8pHjA8CkzFwBEiBZu6kjPcPY+cOCZtrUMgzwiHgaIu9y3WwTHDSdWTP+qeSwjZRaSCmGL5NKjkx6ht35RKnLWL78x15j4Bmik1wOWxQhn8/O+shAupLBaqr0LuYw==         set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIPEvyL3/fCE8CAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECESdT7RmuwvsBIIEyGPhSuTfQxay xlH36h650SlBZ9k++ej/sAB+likC8WNRUkfcu+B3Q2CjSeRmG+V6ERDqJceEqAP2 LejVfTi0JJbYPUa/Wj+HUUom4qBpl0LOkkh4wubkYpMaAkTxrGMmlYgqjfYjIVqe FDm4lAnM6adE1THuHwDyUbUqeDG+jYgMxPmfn4/LEyDRRAVsgd/pyI8DtF4NDnwC xoaCBEvZnkzo0UBoeWvwEQ1rFyfxawuZLU2sFl3MlTfCIvZhZYLyX92W8ajcDiPu syldbMvx4rgLNX3sVzb2ft8x4XDQf0WdRLJxzcqQYzWeYAyiyWKHd6D63pQ2nr4e HfxHnw2SO3SeCuOajiriCqX2mrUExW2+NJ8EVVkLFhDBW9ooqjNwOiB4TgPZMwu8 Zod2ozh1dlOCENxonwaWqjML7Q2r4ybAyxbFDG8w1n7N0w4NQJF/nvevMCv4zehO acl4Bz3+NqHXkKGiQstMGWEauGOXamhwHDnAlpcNrZFIrluF77PlJOqxs0mDqe9o +OU1v/03Ia5DwfbXC42JmjGDoePaynPR+CZEsJp9di2uGd+01uBOuIMZ8c+lCDhq R0/Ze4jpB+z1mwqMxWFWoscXI0twJpP1lUrM5TrOKKLXNLQaMMQWtl9kydfAUD5j eVr9rN7DJ3OG2HF3HN6RoXpHAhoAB1+meAh5Sb2FCLLz84BnsAtvCApRDLVHbSYR yk6Y5DQ13j3JRasB1AW3+adPK1RlVHrzacM5UjLpg01YRYsXyeRimz6RvUc7iVEe HFpWpeVsvki0Edlw+T01M7NaG+6rVP5E03f/8NlkKHSwh2TB8ICGr7GdiZoS/SZq vLUw15PGawByc87li32kiH4sh3qmhy4I8ByHj7wFBgs366NGh2JNMWJzrDQ3dadU jiugFqzd80GUXS98tfv5UUVC2upUsTR6L24C6+jp7D/qW9nDangYDAt7q4zXb3ec 57VxJVi9CD3tOUfMZpu13FcqqkTPl2ew+DLHkMUt/MDuwYlA/5446/E3hS/vGp8V mITj7Q/UDWvR3QK/gV3cm3DSxqlWJIYI4NPRCHizvd0ZyckKr1I8SKgQtodavSZe xr4CJXteS41iY+U8dGwzMGfOByHD+Bea+vlkR6h2i778V+Ty07hqmD3OnLxVns2V bEYHDK1ccVvUmOI9A3q8Fo4x5IbWnWAwoQB/1IM3i2Eyi/i8vvPvSmC0bWKTt05K VlDH8Z+xG+E3ugW62S2KSEJCiPDoyKIi+6uuQgumQ9+I7brHoDO0hJlE3dCbJN+9 8Q6cKztd5+e9rvjJ3h13eDjYYKXocrKsE33XZaFQyGC6+ZiH0Q06UwDLlrDkchsp tRKju8pI8qzPKWGnMN0W6lVgbmFjfkBJ7aAuRt32yocII9+r8MOhK03sdHKrJsg6 oGI2qzX/MSZzcy21mtZydJiOC8q2Fb6F1EtxJ9MZkXH6FSVBAedZyCMez3nt1d2v m519SzMdoyJQ+lgWb9CeWLAA17Y4AcxcYlPJ5XWOSnqatG2K0yJi/jYrwutDXITj Nt2W+t5CFO6gnO7keZun0DLNOlBProfPXjB7ubgTYtvf2WJycKt9v75QQRz567jt gx1Thfyfrgl2uk6Cxmngbw== -----END ENCRYPTED PRIVATE KEY-----"         set certificate "-----BEGIN CERTIFICATE----- MIID7DCCAtSgAwIBAgIEX6xzEzANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEe MBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVkIENBMSMwIQYJKoZIhvcNAQkBFhRz dXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xOTAxMzAxNzM5NDlaFw0yOTAxMzAxNzM5 NDlaMIGuMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UE BwwJU3Vubnl2YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlm aWNhdGUgQXV0aG9yaXR5MR4wHAYDVQQDDBVGb3J0aW5ldCBVbnRydXN0ZWQgQ0Ex IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5N9r8XAEJQJ/d9EeQweR80MJ1IESRiRkvYgC jm1rFxt7sq4xMTWIXpIQnq5VoqFUbLx+wfwzknzPh4Iaf30HxWAPyZpAyRx06JEh qegVIDI8sW8WIehP9n+QVidm0FPwQ6/fFvUXZ8QIJVs22gOPjcU8R/dFdA2Vnd8H xOMFng/fkYqePdGcCTe6nyIaYT22b7/5qtQrVUvs21MSgExVXC7/pACHSh4ZLV8B FdHC9ClwDJlcsJW3VxFMleR7rVb9P54o41T0gttDSTn2/CpEDlvKM5iwT4kafz6k qA8d7lND3kWoqCTSNgP5r1HszN5qMR3LOS465V80851tqSoHPQIDAQABoxAwDjAM BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAGlI1+WeH5JZTrV2ZUSwvZ s20PbduwLP6fb77RgchvYUwLHQxf4Xd4G1VEDtjtID9SeHACLQejwwHV9XwpHNP0 jZcdu4ekmEbmyRaOoaBjwxdOOeFTefGzC99QskdPkNco9XCtkRcPoPVpRQKlVDGs SnAMVz5emWnYTFnvbhoUUdhlLR2o0FCOwAMwHIZQ9DwGoGNfucx2uetiqnaOg9E8 KS0C93dtOBhWym5cN/RKaLDISdBdh93enmaaIV0mrsFsw6QY0zduRdgSS+XmhFwG oG33S4KyxZo0HfpBvN6xUU8v1zR11wf4hcUp5o+TKqqjPA02LP9R7No5MvghYr1C -----END CERTIFICATE-----"         set source factory         set last-updated 1548869988     next     edit "Fortinet_SSL"         set password ENC LcvgLrswuK+M9l/TdwrVoiom2rIpABT9tnszJZQlU7fMZ/WkQeXaBzzGRDcjFM9cIAYDJci7k+WFxg0XUlJUCV69tvj4ICY1t7Y04nQRyR2xfGHHsPGcVaboyemcngoJTMBJuGmxXHEjxCm8WaFyV11LyFFl2jvw07hdZrtqbhSdo/lv7aOEVdFhPITPyz59GkSSVw==         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIWhAyErYOmlcCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMdvVYevEptFBIIEyPT0Mf0XaUvI aSVnKi0hQRWXU26d/2GTuFqBynEv9kx+rj3hKeUXTPmC3h2plIJiSuEPVVOaJqdO SSaUcpOP6PUDq07dWLgH8Xxe359cbfUYcyTdlAjoRhlVYFuos26tDPwrq8aXABCI ukuBVYPI8dZadqT0o5Tb96VYKFQ5DEnEISGzLvsm8AM/ZkRhbRz/sCR9ThYdqi6s 6g4+6v4hiW4Kh6aDIveIaceNt2qdsqYDH3iEmk/1aI/St5TZSr78Fp9TqfqzzwCS A5W+ZM54TEUBG1yp/W66KzoHrsfty+bOSyApcQXJc++FgJQyFt/csdZKps6xRByD di1k3nIU3IBYjGOS98i8E8+52F43J5VqdceAKor3DujuAeg30x9tB68BsGJ8hArn CvNMHL+G2duqZ4bqtLJamWMlFaU37U5SSY7gOcIjXALFVu8X9RZEJ5SR8/fPkii1 IKEWXHzlZfrOkIon+d7Qbbm9gxZi9+rIdXMak9wBgSVDNpfEuxQum7r71fTIUyAT mrxQ5ierq6hU/2sEZdwQjNWdWSicHq4T3ljdN3zh6cYpJGnr1kma8rhUIyMxqMjj jtG24Ez8tNdC0Q00jXH3Uw7HesATSu8Zq+zsdNIHjMtYjgNhIt6HG1auSFWxWvPt +ieaiPltW5ah+rXiUGACS5mpWD+FPdZO8dnZoYN+tglPFpnhgfa6nNTRIAo9zIQ4 4PZqlPy4cLldLKWqxcX21NRwiVlrsWvKdcmc5y+hwsENWtEBiouN0kopXyV+/7h1 ydwdVk6/VO3eVO5WctP/Qd1FFOBlpdX1tF29SJKIgRoA0l5w4tns48b+ABjYsDYx 8o+3EF0hBjais/fShf7Iiah13k72Mi1Z9KKi3SE8odSR64EDG2QE0smV/wPvPoXa CgXjNACXf7egNnEoJOVKZ3o3y0fWjQwC3LVM0dj6fD8lGm0OmWlZduqsvkzJXxxm UmlbmcS+JaKs8g+XumUvILYLdKgW4kqa5KzADjNPqFYfrOfDEX8TIwzBHX0XXf+f SnXJA1s0SGeW16yp+wJvqEx8WMfEZGoezoIDv/bN9M92BMr7XRZH8DV57C2yqXXd no16F0DM0vAojC2JW6xFlyZnR/FMDiRceTcxvfnv4Jn0DaPhIayM24FKfEx2Qd9r XFxezyZ9AaZNrNAZEv6kBGv4ALQJytmv8T1auGVH1Corz9AU7ogeBkPHMInLFsw9 nUkLDRVNS8T2jKYhHonBXTZwU3rm4dZhn9RuNPM5U4LPMd8zPbvSdzUErEaMi57T 6rdjwTvjmArUup91e77w7K7VEo8gjjxyDU0hkWr5P2POCL1ScH2vMzmrqQOe1Nf1 S7YMXZUB6t4f67/OSKJEXE3+BzmKmiEyR5KbqM7ByuIh3x+ftUcEyCt6ibrWqS1Y RWCgKCqCK+8+3PUB1fWzUQxAi4ZDlHixb1WB9mFP6bYvnx/U2JOcd0+5y1SwSe2w zNZBbUJEc5KC9RqG8vB1xkEuAgzQstr0sXocyaKzy55xwOMvb/8lOvmbOrBGsmCi vlF3S6tEjSuyLZHGDnvz8I5V5/8nEMuDnlnc4Izka/IgShkTs7uUoXn0Na/7KCow Wd9JX0dPwTAuTqQnIJLUqA== -----END ENCRYPTED PRIVATE KEY-----"         set certificate "-----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIEcCuHvzANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMTkwMTMwMTczOTUwWhcNMjkwMTMwMTczOTUwWjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTh0Lk4unzw5N2XlTP oNgqI8vSLP1GDPwrolPLI7/gszKamBhzKC63Kl+Vrqm9GdszQ7rLwNYBWM4ox/V/ jrw+/ZJQA7aO9tB+7ucWvI4kSI8SMUyVe8IPMCeO6fNqUSAf5syzLtcnSkzT5d/K QT9CMCpmb6vrshF0z9dKcat9CX5zD1xJHJem7HFPzWZ6o1eWrKWWtlMBnZMyoAJB ZbB5sLtlFPorWzZ0MBhYYArCHTc60Ftoif6CWmsJ21vQGQsM/GBEx7sJONQFvP52 DF8kO0copKVcnd+XzOLqWoNVoFzKVLDyi8HVGsvzXk38iE2RCiULEeaGZzv8RbzV zWmtAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBABt/HT7Q TJ2VvMVo0t+g7pxO5RMbJvLZe9I6Iy2w9IZAR/fHZlykw5iTD9aZfL6OGBEexbDR /YyRTIr2IzwLzBjWPX8wS+CTH7eVhavXEydUmUrWxLlICvTF71H9LI6/rVAqEHrw 5YlWSS0QhINS8LM7p2pbol11hR9ctx+YBQHYieVb09OjkrvO7jizDYUOwLlAdHlg EaMXIPeQfVPfFfiX+tQjr7lUrUqhBgWNo3Y6Wc82khcc6cHi1qhiRl0rhFZJFAVB SyN6m4oNDibP6fmAu4FMtGOlwOBwySxsvyP637NB9qAQ46jdwTaG1NgUraUj+Iv+ 3+Y52mW/VXbQrbw= -----END CERTIFICATE-----"         set source factory         set last-updated 1548869989     next     edit "Fortinet_SSL_RSA1024"         set password ENC 4Nee3gyLEUx8pLeVR1RNolMISiSbJGkPDiDLCVLhWPnhK7U3LBFTpusEzZxYuyppDuBzpw+D6eAgchCP1a2/vLLhQP3WfEif7tcbGatVrKI02hJo7VCG0uVoZPJDbSINA3+6DLV3DtgD368oGmb0kuQ5Xq2jNjJt/cSF6hw3mDoPKyDJM18x6J2okM4lUygDWv69VQ==         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQINPKiODMa3FUCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8atv6c0U3kBIICgE1KJMSQnrMw AGQc4FP8AtpJaO32Am8KotEyvPV5SH9BO0R/g3Ohk/g6YmAxYeJ51rLdumuQbqfJ d1blV0269HM9sLXbdATAVWmEmi0SQErYE/bqzG3mwOmSFK/EW7I+hgMjFqog1P3n fJ4UrDxFD5ox1769lALIhkJQLstvK+9Ly5z5pknuHfkVBR/nEveRvH8hBWVqOA+z Rf/Cu/UokIiFfsmQnKAvnZ1FzOQP6O3723b49W/Z/uyjcqzFA83k+Jvj+szSx3Qt kD1r8cMF1QriYE+jsMwN48nzHUkXQN3MDbJD/Xz+KCnWzEpbZCPphI17yzzFMqMV uguCy9tTMAtJHChEZJZKE/QvFllHloIVtf8+VgB2rPpp42sLLkzwRNGnSfbH63YW osS6Byw8zrso+L+arOOdSrrA7sYT4nzGBOpj2OgpgQNeg0GgvOEyU/9L2sRdqim8 1Wm1rjH28ndWmVoBJr2nv6y7cyJmI7Ov/av5/oQAbCg1noK4nJpQ81WvSt3DqWCr Rnqlm40uLW18HoDG4Eml/zKaOwV4bfu4A2s+BGcAkdi1/1V2aqBcHBzqDXmJ8kqH rB1v7O+cKCiJCc5UXsHu5WOGFk3xsCytofzXJjzzTM27stC87xPC1IobKKAiuMPt 9ixLTQK7s0ecZWHAUAhf9xNvm+5HZnUO2D6KO//ati0K8lk8TTNOtmfNJRaR6vqQ SX0xtvm217FO+BO3RLouw8b0FxEJmqR5TS8GFD4AMa7RjLyv+YaWrxZBPQPCfLSt eqHE5eex+vhZjEQe8oB1ZXzUAtLoaRdmEYu7yhP99f+jjJlLBasCx7wCR2kXYdBw eTFse4SJipo= -----END ENCRYPTED PRIVATE KEY-----"         set certificate "-----BEGIN CERTIFICATE----- MIICwjCCAiugAwIBAgIEZOAHdDANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMTkwMTMwMTczOTUxWhcNMjkwMTMwMTczOTUxWjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMDzC+pO+U6QK+mqQYylT21m OScmu8gddgG8ncyYmIvw2cKdzjHxJgPjV01CaHIyxtYzLm0C8UdDIMbb6ixAEHD3 O9+0S9dQz8MqI63rc1DocwTBYCQzJBYHn5cyMbEgFQZBUya+ul1or3+FqPjjVnEr e+sPR3wQbCTpeStUuJv/AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEL BQADgYEAW9ZN36Qt29yUICMMS/8F8p2w4bI/KRd+EJDisO5nf1WxQDLMCcD700Cb nFMPWXv8l1m87bmDhZO/bpYZzOm0zm7lRi6m0/r1Zb9DEB94g0mxA0cyyRhUw1a3 4/CCcbYwNpuC41P5uJMzKw6/imSnl8yuIuG1Hy0XKiJMgCAkF5w= -----END CERTIFICATE-----"         set source factory         set last-updated 1548869990     next     edit "Fortinet_SSL_RSA2048"         set password ENC 7OYCwAZqUUEsxTlnyyIqIPJ48ZrqTlfK8jeV2J9PDwgYcZd1IvE8wUc1AU2M5HS/VDFO0C3QpHAPZ04wg+GA+8rEkeN32mXtQUGvDP+TLi0R5+rX5vNPybhg7c7JIM9NqwUFPGtMjT/RoDzSL32IfQRmn51uvJXkhDwPVap5dvCyy4hIn3kwqse8zUpR30KHVo9SDA==         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQITJX0JnCQYAUCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFI0xUWKqawwBIIEyFvFtxmxYKKf LmuTS7X96iytc5fT6FALnl8oaQfnODXAsxj02kS0HbG4oHne+q+0U9gfGffbYkMg Q1wOJHVuBVnnWCSCK1FzS9sTAXppiKXnJfYABPw2wNhOJpwer7xg33Jq4Da30AFF fTEZ+DF8a5Rj2CDOZQokpGT95Aa9v2quei6x8RDsouNzfiTPtjUuaR7k31GhaOOX u7//VHJm+EVIoje9mpTLuHzzGJ34pssoJju5cAM0M4GORmA85jAiboOoDXEZ6w0h Bxnz5f5ZC137ldzpd9UnDyVrGVKoIC0g428eOUnLmw6Jl1/+cml3Yo2zCoqw0k9n mcgvAf7GjIgDMpNgVtrulgT5FMoY6nW5hewb2O8mmTc3ArUYV+g1zrDsiberPPPL 6BZlv/bD/qEAX+ydqV8V6Qyq0lCsfagmzbupKmL4pRdS5B7g3K1WTHGejwQ4JWFA CTuMdYW9x9tGMVQBHxi//yDT/sShLCD7CEsYcxaUhuZrNkYSda/wFrhmm/91+vQX vb14Wcagju+canChQoqqMe+ADxcj/5Wp8/CTUBmqVARorHmk1QX4eIdUJN/LEay6 wmTOXtFUFEy16qJ234cvA4KdU7uuD9Y0lYoF97oUW/QNNXRj9yKW88U0cosMeDAV 4W9cjDRu6P1z6QCJqYttbhOxFnIrua/dn+JyWqKRTbUrexbyJ2mw2EQlZ5DRi9Rp S5aiBzd+lsdnVVeDkfzjxpI49+GHvA2qMmePyM0TqSS71HpQ7PmW0zdosklOp8E8 xDP09Lh22sMJc8E2ngvTCPHemQ0BbkdK37JIDAHccYit7oKqJeqS49prtkbQ+y67 shUr5DQsBy+bGm6q5bI2DPuh1DN+TNGBut16gy2UrN2UnsflBepad4fIaVoP72d2 NwP9l/SOpH1R5GbnEsjedhQ6INJ034mqNclWibN2FY5DQbj/jPUjaqU6kVwgcqB5 Zn5Kj6wy0xsGTQkaemlWN9xzf5Ey1QYuEwKrBFN/L8phgG8yKS79bnVW+F5LNndK X+QpFlzTWXbvLZCsaK/DzWeqNTzcpZ0As6hLteSHa8LM0YN1dlhHyfsmNNVqKpvr gxTKQd1rC/ORQU11XwfE6bsDDrUXjMLQSHt2Oipip5gXUSwVRLETDBV/q+ReCMpP Sd4bySeOp2RYVFLDDmAfC7BtCIzzE03/mhotfLgsKr8cmjrXX26/KG0AnDcKgiRp mT0eftRgvuSUlYIW5gA0HTXhpj1+T5GeLRdvgx929aPMpfn8lUqQgw+apw9c2cyx Xi8/r0Xa+xY+wiJKw72WoF6tPF/zgzKYDCUxEMWzNk5vsVqxPR1MtkXEA3JwGxEG V02BVg/zJZ1uheiV+8zCO+kqAfEtPsllrh0ng3XCCEUP9MaZAtRQ93YyL3gvhUtY d/lavzwjxm4M8Z8e2xRk7E5UByqHvtZq8/O7RWxBrfbZvrVh8YjzZ90dNFKjIF2A SpZfxaJPj0Im4T1JGGkAFa+In47jaDt4Knggdbg4JAWxHbt/5d4qZm8BWWOFjGrz td5HZ8pNSSW1TxUafpOOQie8N6Or0B+q8QUjyB1a3fVnvKqKTfYti/cJKZjF0pX8 xmlEbul2Hel8qzzjcR18lg== -----END ENCRYPTED PRIVATE KEY-----"         set certificate "-----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIEc5G6zjANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMTkwMTMwMTczOTU1WhcNMjkwMTMwMTczOTU1WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NTBFNTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy+wTFfT7z3gjKTN3E 4jOnubhPh6p4z5kax5oaofRnFPd3dOGf6I8BmBeLnGWm19wY+90nnnOL74sWeIcq WUuxvx7Mt+3dnDPF56O6s57FIN1Ly2ZPKTcX7aOdR3Oe4JR3/bE7IY9SSAzGDgz8 vYTQgx4GtCARDXBC2mngJpBWPr53N/oPpcTaaaZ1BYeiXIJYZx0S9Mq4LfLwYm7V avsABykNny6TzJyr6Jg0ItMQ91vNVxZBnHKdiDG9s6zO+reSUdB1yeaDA4mRvz6F wigRUvUYQk52cEFimuc/LLpPDiVDRNSu9HkxhhO0gOcd7sIKFoATczbo/ALdQf+m hUz7AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAIHfeERd YWxrWrDLBa417ivLHXrUCnt5EqzF59a07OJZRivbrI0CjuOXCmhEAQeqNq8wZAn1 W7XJOSBgO4JeBlJ8Wl3NfXgp524PDDmV1eoc4XW9CJV2WfI5ID9WO5NahtSRqW79 3yhCJLnV0vMLAbbHgf8Z+LVTxghwcGOOf4FtkbbzZia1tfa+nQ0ymczcvCi+XZsb uA74I1eJAHktU2EQtx4rMGtDBakpNN8ohJNojffh0SSttXN2abpAds651ou46nNk bNH0hfIgjw1yCJt3Z/hwWj8irA3uGKRlENWf8vKqjSVu3dAVidX9IsiX/c6QmUHb 8mOxuWf04ud35sc= -----END CERTIFICATE-----"         set source factory         set last-updated 1548869991     next     edit "Fortinet_SSL_DSA1024"         set password ENC +R5njjBgviHEnrcxVGANwYfo9XsOFiUMeKXftBzTGHLipGqZkXdVLjaLMwiZCzmsWt4I5PTVMAafyOcP8p1OB//rZ1zuTlpb+DNBVyYn0UW1f5nijhTMBK2tRdBNOq0cJl2kwuOAHN1785GH348dV19eyFhFDGtHk3NboybeRD4gtHqf4PoctJvHF9sle4KQSCLhjg==         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIILfjTrO2wQQCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECE6D95gwuaMoBIIBUFs+17NR+QY6 r/zvadtS0rh8Oiet/4LgbEVZvXsTMIleRQfoDdUlI+yAfhYZpZOaOQGtgEwPvwTc ywmQ1VRdS4wZSYHjIw0QZub+1jQvxvU4TWKVE0Hwclk59UEbv1L7VAiE2cdqrfoE 61l8idaS0DQfE/UPOZWuDy9nilCQ2ZVZ39xV8sNxosGLmJD1d8UaJTq63nkcFuoJ VVIEcyLRqdkTQfdcws5Xs2dA0qq06nwUi6RluTX2WLw44fBVUCvXKUxVSwO+pzcD t3+VyePQUa78eSJJcWRSzplV35vFtoqII4k467K70NUXgs32mipLgWYnAkfco8FW Oa7D9yhBlVVow5xqCo6kUX9yeLeSz9I6bULtSQhznW51f0B7XUgACItOsvhpwaB7 wXkikKa/MatA+fe+jO20gdLd5njnC+1KxIzH1niU7h6b/tmAFJ+tsw== -----END ENCRYPTED PRIVATE KEY-----"         set certificate "-----BEGIN CERTIFICATE----- MIIDhDCCA0GgAwIBAgIEOUKdAzALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDUw RTU2MTgwMDAwODQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MB4XDTE5MDEzMDE3Mzk1NloXDTI5MDEzMDE3Mzk1NlowgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDUw RTU2MTgwMDAwODQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MIIBtjCCASsGByqGSM44BAEwggEeAoGBAOn3KMyoNhtYkfDE7/HYpIOEedDpps4Z ylW/qZGkakJcqmSdQ5uV5AmPOG18T2vm+/SCIFtoDhGvyfrFToxDZpBwSQZ/7VBT xEMVFsDkLDZjaU4QHOcXeTo/s8tU56f54uyyaRP7fIN4Iv0kqvjJ2nt9DSiLW9LU sNA38TD+/XEZAhUAxRE0d4nwgtMmIqow53NIUU9o8wMCgYAd7FUeD+rmVu724bZK isH+jlPriQ5orL0Nu9eZmqTxDPUz8ZeG3sz2JC/sM5MHhxniGQ8U7Lxfw4OAke8o 45FCymnza9HMVM+2QXPaY9pxHYyrNp7UKPH9MD1BgZV1x/993PdUCQsaZdKL/nOe /lpioDqCnhpzuEjPqD30RVAvCQOBhAACgYAtBXHfgYOeEQo/4LK8ViTk3sTUB8W8 /25RGXqNi/tVbxTBXMemLiGhHqjoa4b2zMdaIL2MQ5dViPHDqrksD7M11xMKJlpA TsUIrXkEWy77cF7ilx29T0Mv12SFX/Zm83tgYVRGUW41T8mZz3U4hsixoNAmI/ZN HhOOZXoijIJG3KMNMAswCQYDVR0TBAIwADALBglghkgBZQMEAwIDMAAwLQIVAMLf CbaepKEjRa7HTF6woe+owsS8AhRltPbwjrJ8w9ygg2y5+NTh+5CeDw== -----END CERTIFICATE-----"         set source factory         set last-updated 1548869995     next     edit "Fortinet_SSL_DSA2048"         set password ENC Ri+D0z37LiDY23mUr5ovSbCMyXlMNBReOl7lJZvx4abhBYibhveGwUhhqvcMIk5A/JsaW9QLj1cBLvS9l9YqeTL4mywbT9ojIVcVpmyClNIJ2c+AR7Ns5ueADRJySk+6hHSx3r+ts3BglQxPBACnhS0xa9LFwhKZt8juAcxrqL/aRif6pPjke2F1YpHHukLqU6vMRQ==         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI+TF2mJZGUFYCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECCn7DDBCJL92BIICcARuUQfvstir ErsvM1aLfxG+APTiQSwJKTTPGI1jmhUSqtgXZ9YeA4rxfrnJNziDHnE21irwudPn PR8193HnQIUVL/4LhdlW7k2gEqmVoVyzfzTUmqAIP55cZvCHp0PpIfQdBuRooQUV iYt+BttTjOQHCr+slYJHsSdsZc+MqQ1bA2mCHLLrnduCCMIdaKo9VpUItK5BdZZA KqhwW8x5Z52u3NrXsGexKsg5CtiyE2e8SzlVdwNhOzguulNO8OV5DEyWhihFQRao mJUFrswQ9U9WIMOD7hkuLaZrL2v3mrBxs8PN1s1w6u6XI4whpT34rB+dJr7g1ZNd S/nPTO7s/g7QyN6a/Zmxa7lqPmbr1Z5c6pj5AS/zUhkvcfgInkROxbQooZ5pXsjM 3CcYLbURg6MkF8A9plGZDOi0l9AQ8DNnatlrIginv5o9PyA38SMlM1eGqSl6yy+e XLqKMjKRPdoqVApmDh7ZSSGYALnPUMUwoa2xEjGwt+wLl6lPoItfvqehASIB03Yn l9ljG4pYYVCGNMAy8svQe0/bEUn2GF4pAFNXQg5s5A5pdQVFAClG9xqVGFJJ+tYk QNOgAdh15mXTv7xksmBmwZ1kL0gwv+RRyMJJb802rumeFsdjpa37ttBIuc7udOof iz1TgxnsMIT9E67qAdTwoW/vF33x93/3++vspnt1CX/wuhCrBVgbIeRkQwi6pHCI AIIYCwk+Fywhx5MxZ4sTf8UyFHjbl5tj+jfwcLJ6XtY8Zbofb36tWz0cTWcwBouR Me5zHqRILeLj1Y8zr4ioWBUs4Vsa/lzTJ9iL7SGGds2BYu5AswV1rA== -----END ENCRYPTED PRIVATE KEY-----"         set certificate "-----BEGIN CERTIFICATE----- MIIFKzCCBNGgAwIBAgIEFTk/MzALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDUw RTU2MTgwMDAwODQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MB4XDTE5MDEzMDE3NDAwMVoXDTI5MDEzMDE3NDAwMVowgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDUw RTU2MTgwMDAwODQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MIIDRjCCAjkGByqGSM44BAEwggIsAoIBAQCDEITs16Q2tnsgUqok2HVkL8Lucw+z QrZ+rF6Y1zKKtaXsXd3ysvk9sAJBJ2jDZAmhNE1cnHCv9oAZSFk5dOR2lvE6ICHO 8LtvTz8o/Mb0otIPmozlkBLKhiPw44dVwtMI+wfRnAQgvboPRFc/C0xUoSeWErqX qgIDwiVzyVIiZXVYHX5RDpHdQN1d+whh2baxE2iIgPLdMY73MGI/0xlj32AFVDfh jdRC8RXmrAwGhmGELA04UXi+O0lgmfyKPHIsu2xnZL36wFVwwECyXrk+7QJvvkXA oEW+YcUppgid8nGNNatdw0lqhjfNL6sI+5XwZUcInASgxrhH6gpD6jufAiEA/tLB UYh80OAgfXVNAuFQIzrQZTYvRHFCAu6UAK4YAzcCggEAfhCnaGZt6BJrVgC2UiJl GczrfmHkArmetpijoqoPEBbQ1f1bYubZDpuViKsbhfHle+lHwV4zyn78BcFXH8+2 9QVTsOYsHh6stiD9P6Gdilv10MD0QOoUxDvS7Lkof19JbaHLtW6y4OY4hs/jtxy2 u5cQn3DIaOTj8yfvgdrz8tgbViWVN6PwU/KvGYDfCkX5htBUoZU1LpkOjSN0GTo3 zU7wulN1SQQ0+uwpdFANWB0qUOgydfivOzF5HCu78pzpl7MrcVjnRA3FCqpSw60B nYTlEG7w4TRgjEdXkRjfIEHFCTyiexkQhH4xUILmRjr2HgDui8pXRWwHmWE2EBkn cQOCAQUAAoIBAAjBiB9FZO7TSqmZ1ye+P/LSrk0shWl8zlwcZyN8izudjX6D37TV OHNefaoe2tcvEl2jJdzEQ+nY/YT7pQmYDv1Dj99JRqAEwx51//hTnGVgillJcP2j Y4PBiDe0+4b7vfdBgrB09Cy7o3J4LuaLW3FG6xGHm760XJP52kQ0pv+N2M9as3bB Sn6+uephzxhhiIt2KOpAo2UVd3nEUKI1ntCIU7L5mdeLHobVf8SABPeeQ2Fnh+1c QsMvD7ieONKhwPKN5nBOFo1u5vKrrJc0/oHzpF7RBa4wWAUMtwrFALnDdfwSKLin L6Clyx4L3l7r8wIJrq3yrp8EpgbtKjpy4ZejDTALMAkGA1UdEwQCMAAwCwYJYIZI AWUDBAMCA0cAMEQCIDezXSYf7ckIuWGjhSatKCU4krfagN1ViGyAGoKeSfn0AiAS ZTycRUMSMPfg4xTGxoPfPlZO7C5O98+5BRKqrWfYjw== -----END CERTIFICATE-----"         set source factory         set last-updated 1548869996     next     edit "Fortinet_SSL_ECDSA256"         set password ENC XxV4F/NId3QKIOz6AvDErVMx2lBMJYA7V0wWILr9v0Ip6u3auez5lQNSOK2wnQPZa5zEpJsECno70TcQT05JaOaDIxcUdj6LiPj/L+XuW69VXTNfXTIwK5e1FsD3gZvn4P/z8sNZF8JvxkcYazQDeEt+Pp81NVnyaZE3hojV2LAWQj/PU0MEKJGZXVmHk7PYKmEarg==         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjT49GMlU8F0wICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIu2yaqFhYTGYEgZA2/YbQwbJtzw6f f/knf3jb1RQA++4EfgxMubIoLKd8srmCRgd2gUzPUBhV1zdDgazw4MuYjWL5pLdK NX0J5MnbSZc87ts43JNlpfiSrknjvPLlPD9VQE/MB/0aG1oX5fpBnf/qGfQwoaaJ fKkSeGov1FMRUl6sMUo2UCgszvJhjNhrkgDE9xHo+5J2wEcAoBI= -----END ENCRYPTED PRIVATE KEY-----"         set certificate "-----BEGIN CERTIFICATE----- MIICOjCCAeGgAwIBAgIEevr82DAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNTBF NTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMTkwMTMwMTc0MDAxWhcNMjkwMTMwMTc0MDAxWjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNTBF NTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASdYN7JabJic+xn6obLPyJq1ZON0nLS 3GbUzvcBjjHslRdTq0JH/lcXPwYISxmqQJ0Ne0P7Ie9ZmytFFa4JjVWdow0wCzAJ BgNVHRMEAjAAMAoGCCqGSM49BAMCA0cAMEQCIDmmUeRS8nEme1Vy6p8pbcB+Jz8N gWGPTJ4P958SSIv2AiAI9+wFiS5HbVeXHTlOhCV7pU8E3GW1AXFASNP1vwylag== -----END CERTIFICATE-----"         set source factory         set last-updated 1548870001     next     edit "Fortinet_SSL_ECDSA384"         set password ENC +Vd7Dkf0XeXdu4jco4CUJDLJF9+LZTjFV1SPnKU2CyTyu3CKbnISa8wgYYu7dgdMfhkYUfeEwh3hyVS7m7wnnFpKosKQhTSygyAxWsnN+eGRal2Uz+veWX4UabEM6Zq5J+rjfqkeHQYvqb/txbu4JdOni7iAVulz8vX6koHH4MzAlU0SKOuPTF86FzSw2ycmSyfnGw==         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIIN+CRl6aI4gCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECDxZf3aDubz5BIHAQFEw7HLq25D1 B5QFW304dROTKkslPmTMtmyNiEiL4Nl9r45tRguv15IrAI+BhNJVHt8KjXxcvxzh zV71vOsG6omq5wTVDbRfIXINWEe7JWv9omBCJVGbZIrlFlFPX9+PXemjuEPhThHm wYnnBCrR8BOKKIg6yxCuP3znpdlzPudN4wHOtw0N/V89F6a+hwsvOgI1N3tjsDGE CCy0WRKwEx7eNfj7oo1AybiCGgLnCRNcBKxQ1NSqeTlznuM/UC7q -----END ENCRYPTED PRIVATE KEY-----"         set certificate "-----BEGIN CERTIFICATE----- MIICeDCCAf6gAwIBAgIEU/D/ljAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNTBF NTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMTkwMTMwMTc0MDAxWhcNMjkwMTMwMTc0MDAxWjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNTBF NTYxODAwMDA4NDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w djAQBgcqhkjOPQIBBgUrgQQAIgNiAATzKoPpvSex7IKB3ik3lY5N5DUw3ZS4UFL3 AV+PsJzXJxgafqYqL2+sUAktNncOjtHw3eJD7ynGJYVh4427x0UrdEUjNwLul4OE tWmMGwnrO5gfXJ+yCppBDYmQFzZtSaCjDTALMAkGA1UdEwQCMAAwCgYIKoZIzj0E AwIDaAAwZQIxAP7bhwgtF3IVasLZPzaiexg0LagDgCz2PbGE0ImFQgg+8rmHfdqn BWe2DY7jpeyWOQIwJM78NtsAqEjF+PhSUmkGoMhwUB6R8y7ep8e4ExyguxsLLujV qnmeWOnJny1dDPSh -----END CERTIFICATE-----"         set source factory         set last-updated 1548870001     next end config user device-category     edit "android-phone"     next     edit "android-tablet"     next     edit "blackberry-phone"     next     edit "blackberry-playbook"     next     edit "forticam"     next     edit "fortifone"     next     edit "fortinet"     next     edit "gaming-console"     next     edit "ip-phone"     next     edit "ipad"     next     edit "iphone"     next     edit "linux-pc"     next     edit "mac"     next     edit "media-streaming"     next     edit "printer"     next     edit "router-nat-device"     next     edit "windows-pc"     next     edit "windows-phone"     next     edit "windows-tablet"     next     edit "other-network-device"     next     edit "collected-emails"     next     edit "amazon-device"     next     edit "android-device"     next     edit "blackberry-device"     next     edit "fortinet-device"     next     edit "ios-device"     next     edit "windows-device"     next     edit "all"     next end config webfilter profile     edit "g-default"         set comment "Default web filtering."         set inspection-mode flow-based         config ftgd-wf             unset options             config filters                 edit 1                     set category 2                     set action block                 next                 edit 2                     set category 7                     set action block                 next                 edit 3                     set category 8                     set action block                 next                 edit 4                     set category 9                     set action block                 next                 edit 5                     set category 11                     set action block                 next                 edit 6                     set category 12                     set action block                 next                 edit 7                     set category 13                     set action block                 next                 edit 8                     set category 14                     set action block                 next                 edit 9                     set category 15                     set action block                 next                 edit 10                     set category 16                     set action block                 next                 edit 11                     set action block                 next                 edit 12                     set category 57                     set action block                 next                 edit 13                     set category 63                     set action block                 next                 edit 14                     set category 64                     set action block                 next                 edit 15                     set category 65                     set action block                 next                 edit 16                     set category 66                     set action block                 next                 edit 17                     set category 67                     set action block                 next                 edit 18                     set category 26                     set action block                 next                 edit 19                     set category 61                     set action block                 next                 edit 20                     set category 86                     set action block                 next                 edit 21                     set category 88                     set action block                 next                 edit 22                     set category 90                     set action block                 next                 edit 23                     set category 91                     set action block                 next             end         end     next     edit "g-sniffer-profile"         set comment "Monitor web traffic."         set inspection-mode flow-based         config ftgd-wf             config filters                 edit 1                 next                 edit 2                     set category 1                 next                 edit 3                     set category 2                 next                 edit 4                     set category 3                 next                 edit 5                     set category 4                 next                 edit 6                     set category 5                 next                 edit 7                     set category 6                 next                 edit 8                     set category 7                 next                 edit 9                     set category 8                 next                 edit 10                     set category 9                 next                 edit 11                     set category 11                 next                 edit 12                     set category 12                 next                 edit 13                     set category 13                 next                 edit 14                     set category 14                 next                 edit 15                     set category 15                 next                 edit 16                     set category 16                 next                 edit 17                     set category 17                 next                 edit 18                     set category 18                 next                 edit 19                     set category 19                 next                 edit 20                     set category 20                 next                 edit 21                     set category 23                 next                 edit 22                     set category 24                 next                 edit 23                     set category 25                 next                 edit 24                     set category 26                 next                 edit 25                     set category 28                 next                 edit 26                     set category 29                 next                 edit 27                     set category 30                 next                 edit 28                     set category 31                 next                 edit 29                     set category 33                 next                 edit 30                     set category 34                 next                 edit 31                     set category 35                 next                 edit 32                     set category 36                 next                 edit 33                     set category 37                 next                 edit 34                     set category 38                 next                 edit 35                     set category 39                 next                 edit 36                     set category 40                 next                 edit 37                     set category 41                 next                 edit 38                     set category 42                 next                 edit 39                     set category 43                 next                 edit 40                     set category 44                 next                 edit 41                     set category 46                 next                 edit 42                     set category 47                 next                 edit 43                     set category 48                 next                 edit 44                     set category 49                 next                 edit 45                     set category 50                 next                 edit 46                     set category 51                 next                 edit 47                     set category 52                 next                 edit 48                     set category 53                 next                 edit 49                     set category 54                 next                 edit 50                     set category 55                 next                 edit 51                     set category 56                 next                 edit 52                     set category 57                 next                 edit 53                     set category 58                 next                 edit 54                     set category 59                 next                 edit 55                     set category 61                 next                 edit 56                     set category 62                 next                 edit 57                     set category 63                 next                 edit 58                     set category 64                 next                 edit 59                     set category 65                 next                 edit 60                     set category 66                 next                 edit 61                     set category 67                 next                 edit 62                     set category 68                 next                 edit 63                     set category 69                 next                 edit 64                     set category 70                 next                 edit 65                     set category 71                 next                 edit 66                     set category 72                 next                 edit 67                     set category 75                 next                 edit 68                     set category 76                 next                 edit 69                     set category 77                 next                 edit 70                     set category 78                 next                 edit 71                     set category 79                 next                 edit 72                     set category 80                 next                 edit 73                     set category 81                 next                 edit 74                     set category 82                 next                 edit 75                     set category 83                 next                 edit 76                     set category 84                 next                 edit 77                     set category 85                 next                 edit 78                     set category 86                 next                 edit 79                     set category 87                 next                 edit 80                     set category 88                 next                 edit 81                     set category 89                 next                 edit 82                     set category 90                 next                 edit 83                     set category 91                 next                 edit 84                     set category 92                 next                 edit 85                     set category 93                 next                 edit 86                     set category 94                 next                 edit 87                     set category 95                 next             end         end     next     edit "g-wifi-default"         set comment "Default configuration for offloading WiFi traffic."         set inspection-mode flow-based         set options block-invalid-url         config ftgd-wf             unset options             config filters                 edit 1                 next                 edit 2                     set category 2                     set action block                 next                 edit 3                     set category 7                     set action block                 next                 edit 4                     set category 8                     set action block                 next                 edit 5                     set category 9                     set action block                 next                 edit 6                     set category 11                     set action block                 next                 edit 7                     set category 12                     set action block                 next                 edit 8                     set category 13                     set action block                 next                 edit 9                     set category 14                     set action block                 next                 edit 10                     set category 15                     set action block                 next                 edit 11                     set category 16                     set action block                 next                 edit 12                     set category 26                     set action block                 next                 edit 13                     set category 57                     set action block                 next                 edit 14                     set category 61                     set action block                 next                 edit 15                     set category 63                     set action block                 next                 edit 16                     set category 64                     set action block                 next                 edit 17                     set category 65                     set action block                 next                 edit 18                     set category 66                     set action block                 next                 edit 19                     set category 67                     set action block                 next                 edit 20                     set category 86                     set action block                 next                 edit 21                     set category 88                     set action block                 next                 edit 22                     set category 90                     set action block                 next                 edit 23                     set category 91                     set action block                 next             end         end     next end config antivirus profile     edit "g-default"         set comment "Scan files and block viruses."         config http             set options scan         end         config ftp             set options scan         end         config imap             set options scan             set executables virus         end         config pop3             set options scan             set executables virus         end         config smtp             set options scan             set executables virus         end     next     edit "g-sniffer-profile"         set comment "Scan files and monitor viruses."         config http             set options scan         end         config ftp             set options scan         end         config imap             set options scan             set executables virus         end         config pop3             set options scan             set executables virus         end         config smtp             set options scan             set executables virus         end     next     edit "g-wifi-default"         set comment "Default configuration for offloading WiFi traffic."         config http             set options scan         end         config ftp             set options scan         end         config imap             set options scan             set executables virus         end         config pop3             set options scan             set executables virus         end         config smtp             set options scan             set executables virus         end     next end config system resource-limits end config system vdom-property     edit "root"         set description "property limits for vdom root"         set snmp-index 1     next     edit "MGMT"         set description "property limits for vdom MGMT"         set snmp-index 2     next end config firewall ssh local-key     edit "g-Fortinet_SSH_RSA2048"         set password ENC p95mvd/vJutU5caNkfj5heeLezxucx9O01Qj8ugyxgX2sAcYPGmSpwTfJRbg1f8Sf7ndmjRlaZVAeA8tPVvcLbZV3+qhtjrsFY2PwGJJ5HXVHcEyxEzVvxZOGeLrH5ntGVkzoBalkwwUlG+YVynJF7A8qfzpBuDBkwm3JgbcuP2bk+5O4A6yzybRmTtuxm6yfMx7oQ==         set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC/r3OMzE GUewAg3UdsoUZhAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDBZqMwZBY+ 5THJL6cUDSHirIggSMum4tB1YNdgDLk8gNwTJXy0ZKfoLNqT4Sc6F9IYcvzHmaNIU5LJi1 2WrdXIEUxiV+xXDiggeJLM31zc+UR2jepnE3VYGx/asKiheoumK8EtrLatGmuDG4WhRN3z 1xkElcDUclNgHJyIPbexJq2NQ4UdONXPcWEwbp+C5r2dpRTEPitpNSur69SamxNxBFfC0o vZ5O5ChmQLfP4beAwfH0BeW9uKfPJa4U4wYKRRfW2l1iJGq+Td/JjcdrdZ4gUdqHoSQRaU /fAgiZJG3MROx7gHwuyFKSkw6J8QIdDQfiE6Ir25FG3D7GB/URwXAAADwDVVfZJaHuGeb2 QD4FvfB1+4uqkv+/tYoxk93NmpNA9pszGvm+2CRBqvMQfCzhVK9qRErigiap/fRI1zt8WG Fgpam02jnmIkJiG9O6lV0/Eor1SQR9tvl+0Ypp3Zo47e5gnMJLgjRFq/3uoKiq7wKd+IvS t7LjQfpTBtPHZBM3aRs6yZ9NZ9MRkfHphYEd3CanyDYXre9QXMqyrZtCJYN/vofxf8T0g9 Mrh8g6ovqH9MJCqXw94vAW5LVFPbQtVcKnY+4cbpwjmk55GxVykNJKC2pPcc1ZPD+X5loZ c6MzKNyC7zwcQubLuscGMysfTF9GrDksf+hf5Oum6caYLZ4/OQP72Th991VAxaFv+OhPZC Qxaq58dJG6d5rqAfrOWY+ToegQYoTLwqw4txdXqwoENw7yZGBl9vKN0WHAAYLUwL4QKK1q kbcQZm5RZXl5wp/l4S+kCDTbyGn8oqZSWH9uu5zgmyIX4vm8mRT3RS4wnI2fR4wecRFvf8 Kj/wxdriI/lGDNehl1vwfqoO3YXoTrRSsC+T4Gx/TRuTzOlG6o7poe78zKMISsz8QiPL4c zOb5Q2sOIMzFzXmI6vpsyXMTJ4BFDJY/iTHCTTghQvUntwHHxTDsWBRsbPcFzVWV3bH8te 8O1azfw8b5aq3/tHz6vdhXwAijSKG87ZJR9vF7lTT6uZJzkYqNdXQvBqJTsY1B1xzoo3qb 65WusPbkKfSoDNgoaksH1M9b+R/juv8ujWNyIpeStGiDGTjfi4pPjN3hR4Yd8ZVizbtb7l rKuCIBYlaIubroBh1g32uclOC/4wDDDY4EXqpyVP546y9T28abVqhXh8IjkiX3MFAZl6ZF 2iwQ215VIe2nVOR2zUiXcWjnwhYiyvZ7A9xcHBS+aQO1lmzWbY20hdPG8AdH9gkhMx83iw jIrE3uM9wt6qlP530h3Zo93DVtrBUceoVYZF76kStmdI/yQIWF0fXPAeLD9Y1+jORWRJAw uCQQd/IWUq26AbwaoencRDFRY1mXHQVcmk5zZEVp3okyuAtMGNudbicHZKFqIZIeaWj+xs 4NL3aEEm3eDD/vJorbwZAG5kNTq8qhcJqZ8SsmMJg1qnupy4rb3Nn5YLn1asE/sY2VHk3C zKGVcGeT6b0Aespxs7WoQB6CTTCIy8XQbqipXhuA5P0X8uhSMW/xXDZniqVv0e7Is5TsuN Go+mvGKVsRiUPPZlwk6P0R3o5pEWtjU+10KrMfxC4NB8ln8zz1bPvHWgTUb3qIle1AOdhe wwU6p78Q== -----END OPENSSH PRIVATE KEY----- "         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBZqMwZBY+5THJL6cUDSHirIggSMum4tB1YNdgDLk8gNwTJXy0ZKfoLNqT4Sc6F9IYcvzHmaNIU5LJi12WrdXIEUxiV+xXDiggeJLM31zc+UR2jepnE3VYGx/asKiheoumK8EtrLatGmuDG4WhRN3z1xkElcDUclNgHJyIPbexJq2NQ4UdONXPcWEwbp+C5r2dpRTEPitpNSur69SamxNxBFfC0ovZ5O5ChmQLfP4beAwfH0BeW9uKfPJa4U4wYKRRfW2l1iJGq+Td/JjcdrdZ4gUdqHoSQRaU/fAgiZJG3MROx7gHwuyFKSkw6J8QIdDQfiE6Ir25FG3D7GB/URwX"         set source built-in     next     edit "g-Fortinet_SSH_DSA1024"         set password ENC tl3lw0CSrKeVd7ZrleFju3moV38rvt73pGYJs9mweM1J7a3axIuJqIUPTwUi4unrLofeNW9KGr1cgz4IdUMjiJcHtGlhFkTKIH4BpgizL1DaTWUGN/pWiD4R14O4KSKxLMZspUFIyG1ycJMhimqzQts9gyzbgTYmvcHe3euf3dNq73OQeSUMKupQlJEPt03y2jRj3g==         set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBzqsT4XA 0Hg5WeyR/UVBjQAAAAEAAAAAEAAAGxAAAAB3NzaC1kc3MAAACBAJCRDlbrVFe9gpBy3i7J qUxyOqfsRbIRXKIs97hoP+m3SceQUD42m55HmQz2ePiZrFlu7qzh15hYTb8AZrlDqFHVrG /09ycvuH1WVn5GbiHALF07gGG/wahtiR+yrheLzA6/SwoKQLs17vwT+d1HBlAyDdp50D6Y 5UOHhA3xS5/ZAAAAFQCvpNUGASFt+O9qDLo+DtosGKWgQwAAAIAd3taOQmZR3FYgE1D8oQ YSwIJiRMFFg5xL7SfxIRt8iGfJ66r18xXBzkn79gP0YZBX0/AqB5Ql3xxmhbBaNK6n9Wdl Ti+kh+4+IcGVwiRqbu68x81yYoV9HqORAKGW+vMQzMhUcqj2twzmWdm0JTBgK+c6LnpaCg z2vrdIsWP6BwAAAIA6yQTsZftdfKhA05pj/6ut6uqEi9lY8ciWMRIJ0tf87jI9qO/yKE7N VL9HTq4M/ktx6VhOwz/colcy8A1Yp1ctynwcR1sOnSpYgwb9q1RpMSi+mh1Pimk4mb+IDL In2A8AQVNdBJKKh8/Hm05PuSIcPM6o5DC2g0FogeDz1d/W+wAAAeC5Pe3E7WIy1Z+YhM5s EEoMUBt3pUvMw+CkSbOumokcjX0KQUcVCcTY4Jx6446oO9vOWjF2IPecF1zsH5kfDpGoiG CYt2gKCsWKKnb0AINPG+fJhjZAo6UgY6BEVMkPhDMZ1fqdSO0p9296aSju+D6BtMye+O7/ vWbA6yZ2agK9JBMdFbdKfy7ThSnsGDJl6ikR2Jiv9hikEguEnvBUmL7PeNt6TTVPEu1OFi GVkKv/6LAv4Ek1y+vwfOAM2mYw3lGAZlBlcHN3w851jd/zuy5R5ZHh/Lq+J0PLXH04yGgA LYBHXOnk1gMfjFQXqElqcvHctM4/0BCLFI7amsGh/tlK8E63GfnHrovA67dChiKIMD4K8A cheY2bC2bTeNnNIMNUGpqY/NSGViG53DPzhql8HUSTw0toriC4t4x1Lrvv5is1Rv5PQE71 6EGo5MW6sj+q5fZJJeRxM/ipAHoIVdz/Stmn0tz5oCmDt2T3t+vU5IOo2iHSGrBY2xKP3t kceemtmN3LnJE+yKvK9b7t86rbgjuQtN/9HLA5XrbY6yVgfSONmieVFqGIYyg3IBrAn6Pj eA3GwsMvpo6FPsArZgtewGliqpLbnunaBHwbWspHnxCw/dmuIFGzdXQTb63syVw= -----END OPENSSH PRIVATE KEY----- "         set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAJCRDlbrVFe9gpBy3i7JqUxyOqfsRbIRXKIs97hoP+m3SceQUD42m55HmQz2ePiZrFlu7qzh15hYTb8AZrlDqFHVrG/09ycvuH1WVn5GbiHALF07gGG/wahtiR+yrheLzA6/SwoKQLs17vwT+d1HBlAyDdp50D6Y5UOHhA3xS5/ZAAAAFQCvpNUGASFt+O9qDLo+DtosGKWgQwAAAIAd3taOQmZR3FYgE1D8oQYSwIJiRMFFg5xL7SfxIRt8iGfJ66r18xXBzkn79gP0YZBX0/AqB5Ql3xxmhbBaNK6n9WdlTi+kh+4+IcGVwiRqbu68x81yYoV9HqORAKGW+vMQzMhUcqj2twzmWdm0JTBgK+c6LnpaCgz2vrdIsWP6BwAAAIA6yQTsZftdfKhA05pj/6ut6uqEi9lY8ciWMRIJ0tf87jI9qO/yKE7NVL9HTq4M/ktx6VhOwz/colcy8A1Yp1ctynwcR1sOnSpYgwb9q1RpMSi+mh1Pimk4mb+IDLIn2A8AQVNdBJKKh8/Hm05PuSIcPM6o5DC2g0FogeDz1d/W+w=="         set source built-in     next     edit "g-Fortinet_SSH_ECDSA256"         set password ENC YtqL6606qTEQSqRT3aXAaBvPX4AWxzfkUQ61/jcWQulomr/HFEMls9NqqWYiZy5URtq3Ur95ZWinrBGQNxOF4GdiLyUzn9I1r4rygnqrWK0W3CX/lC6sgMJSsGEwUXfGkMUNLWnKTywkvN0HEf7TI1pOxCSn/78eY+7heRHawH+Ms6fToQSnrzPOgs6PJOXMAD/4mg==         set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAgxB+uyS /b3Ohw2u/tNQtoAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz dHAyNTYAAABBBLcsDyc3TyBdpudM2mowqlrobk1o20TQhrcQ6rPLLkrvqeb0BvfSruDdZF zNyWiG+EOH/C3L2f/7U75S+BhwZgQAAACgFXH2k2V5RsHsbQPNDSRCJd03yVRpUlUVhCFo UU5I01oNeromae/CoBDDzgf6Cq1Nia71JqXHzE9cEkG5kKNPJ5G4ksMAKFNPZ9T1d6x5j4 sl7aN/6SxIAiU1dS4wwNDNw1mO4Vx2UtIwMgMvhaEKMUWvS/3AKYN8oqWWzzOcvK8MKcTf eajy/6HBu5E8021xIaaw8JFSlhCEFVPHXrgeVw== -----END OPENSSH PRIVATE KEY----- "         set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLcsDyc3TyBdpudM2mowqlrobk1o20TQhrcQ6rPLLkrvqeb0BvfSruDdZFzNyWiG+EOH/C3L2f/7U75S+BhwZgQ="         set source built-in     next     edit "g-Fortinet_SSH_ECDSA384"         set password ENC fMBTlP1Bk8vBofyN5hhRtaBfNey/SmzFpP3j+FoNt9NPD4IVoKZSGleNhpJ8nzSOrbYeyYNocah53RxXjWTxQ7S1cjsaX2zXKvn0QJZgQiMZWOVUTyfKnsi14rDnAWLwLI3lfAQVDmJPFxtn41DgDvkHV7Sey7SFavDqXdpknJ+WFhLlXAHkXI1wL9ocmhdh2FUQYQ==         set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB797K0XU rrx46MY1Gb902+AAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz dHAzODQAAABhBGq7JipF3Vpr9gf49LwLbwA3KDPNCUQm+PDzA4EpK9NArtf1V6dOKLOl+G XN1yW1gbf2EA7EtMG4CJRAu914yvqOjPIgYPob3TA3O2DyCj7lE9eJluNSWx0q2qsH/EfO sgAAANDOtIBhNZ1vi/lfIVrWku9Bu0WHxoxeiPtsyLdVzYjuLJ/8Onr6NotSYJtkOhEoNo QgsYnk+tuHjJiSMO5fwCoZuA71oMmV6uSWviOrtcn+wiU7UaHzTuqoJnABZQBQJ9z55lx1 B21662vWhhP+bQefIXlgg255ymtlNoI5JG0Ur3W8y6bInmpA7fCXdR+FsHGjKhxrIhWWlm N7NHPfEtAcrS5J9nYJrpxxPbUVa+gRVQZi5Ue+vKOZsFqTL0i116BwKCAa62WZxWSpv+tA R2fJ -----END OPENSSH PRIVATE KEY----- "         set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGq7JipF3Vpr9gf49LwLbwA3KDPNCUQm+PDzA4EpK9NArtf1V6dOKLOl+GXN1yW1gbf2EA7EtMG4CJRAu914yvqOjPIgYPob3TA3O2DyCj7lE9eJluNSWx0q2qsH/EfOsg=="         set source built-in     next     edit "g-Fortinet_SSH_ECDSA521"         set password ENC LkkTcnG88DXrdh9K9/ufsnHk8f2Sy6yPg/Jy5dhFwxC3cVx3NzCPqcWZownALwW31UjNgV7FhVcF5BgD3G8I2rsq9b2fsHH9H4t0AXcqczbgksOS83+Lj0fe2b9ckQOifu8s3i2L96EJco4zB3kRiIHISN2vZU7qqVGKykvNLr+SkTyDbq/FOiM9j2Fb7+N/jxA6aw==         set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAElD6vL9 aowy4A3i81VKmhAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz dHA1MjEAAACFBAHoR+TlwEh8u0U6L7wGS8Vk3UwsQUkTzIuaiZEUYGzi7qAlMmA1ucPxYp sIN+Pn9ZlB4PAeJ8tO/nFqisVTMVyJHwGarW26tdZxNBg7Lpgp1oz0Mm2IbRLXzQ5hPtJG RLlzcpqJJK7uHVc2XqIg5B3ytoCo0sE2Lp9blumPuRpXlBfQCgAAAQD4lRJQA/8Ly9pIvN gLjFqXp0lwjTtjHDASNRO08hbR5BVQNdW5nk7L6Z0J1lZ2JdxVgvxsRQL6zLCUkcSMomjy kmkfFmlnVoZv3rIONnHjY9AOeSINyQKME/ykcSXbJ03aUPfexvbHwCUVuG+O97ppvFMYJP WPFdG1wx4Rmx4RoG8Qd7pLhJuSmSF2rvo5oi2a2+ZUBGrX2I2UE2aQM0uMXUXO/o/1MjlD Z4ypOTxSZBpvGUnoEKKzkiF3lSI2aU3rpk+nLppxNvYPXzTETLc+zmT2SLXUiNOP2ZSctZ Yq30iCFNq9ImETlbkpxJe+U7sl0khI24JpQ0fVllzK8ZnJ -----END OPENSSH PRIVATE KEY----- "         set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHoR+TlwEh8u0U6L7wGS8Vk3UwsQUkTzIuaiZEUYGzi7qAlMmA1ucPxYpsIN+Pn9ZlB4PAeJ8tO/nFqisVTMVyJHwGarW26tdZxNBg7Lpgp1oz0Mm2IbRLXzQ5hPtJGRLlzcpqJJK7uHVc2XqIg5B3ytoCo0sE2Lp9blumPuRpXlBfQCg=="         set source built-in     next     edit "g-Fortinet_SSH_ED25519"         set password ENC jtfbolL2v0Fm3P7pRfPLPRGnclDg1Z6rgLSuDqyMbyXKqoghcsqCkm2PYYPaWkuPVikzHf9TEaXHUQC8OSRo7wv4ixjQ2aBoMM8dGbzzTk3Q6ZZkVhWMAZjx8gtiZEp8Onk4XC41w/0p5XallRlqQFgb7uBmSPZ4arcvbd2RQGFZ9F3Zb54+Rf506N9obrgbH9YpFw==         set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB3v+TA9S iCcSbK5lD0lmZCAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDjxUcZ6C9nyjr/A FOzQrqhsFmhylYXreBIalg9Gt3V8AAAAkNsk80BU1XEl5mHMFwbNHD1DlP3eIh4t2wTYk4 ysKwLoGkfW0Ldd8mKJIJxfkDaBtJ5fTc9uTCCPkP6xRIbF7CN0IYDWREG/F/AatgqdysWG NxtZu8wLzC7TVLVC917Z78ztCrWbyZerui/ZvZQO2vru4n+vrVlHvDjtqfgJonenXD4Qcz MJjiw1CFWL/SN/AQ== -----END OPENSSH PRIVATE KEY----- "         set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDjxUcZ6C9nyjr/AFOzQrqhsFmhylYXreBIalg9Gt3V8"         set source built-in     next end config firewall ssh local-ca     edit "g-Fortinet_SSH_CA"         set password ENC kvBNQt7+Ur20JVsrznRhDmhaCyzXvsG0C/7J+4MP+Af6uWypiH5f7Uqvz331CenKf7P9inFTKxqG5GIou4kqoVH2KuM4h6Fdlty7HCcitvzG/GrnQaUiEHrXSeuNV2AWugiICFO5TT2itPGyNNNxBfwqBY+QcYSC/fKyviQhJ5c6iRodd2/T+AG884p1jFSLrRGK7g==         set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBdjIUQji P+LfEkEEruoLLkAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD3Bapmtn3T x0H2Ts0T8te8BPZuZK1q6eZYvCu9W1oQm6S/ePWlYDdna2l01vbMLolxClRFADtOXp1ZPb JkM1E4c7fS2G4vLkfafVpADuLWSfrlI7MmDce8IdhAf5bJUDgfUxUMCwrhVWFfxYTJyxz2 6iV5/9R8a9JVz4KSujZv5CeOjGpF6aTlk+DpYELCnxQyIJdC0xgO77omQVD+HLMB5RY1Pa 56R2vkltf9StHzfcIy1sBIWhcrNHd0YKeFN6Ly6WVtp8DbRg6Z/irb46lET8K3AwjZfWTt bMt3Oj9dPxI3gcBrbThceR50wbiW/tXjzzRjkdc2AxxbvwYBZUWDAAADwFX53XisKeYa/q nfDub/ybBYP6Gr23u1q9vI6hoE4gNGRJd3eYn8JlSX7XnAnPKB6dH4FLznpOxTRTjy48Ci OpOajhy5MUHVOJ9pK8DXy8wleyMKTCIrzP9npeLSNomax4tMaAUwLm3QlA4VDKIHjsg3Fz fPY4LlsdOGF0WU9EurewfS/hszabVExTxAoVu41hzhlerzj2Z8bJ49tyigKH50pv11wjOS 2ecdM0+KMBwTU6VqT76CtyQcF4yWHas1JeO6AXlX5p9X2QmM8S/1+m1TYuNW6QdcPd+MS1 emmr0qdLeGapsXwi3G+mAYPVGF7fGJNaLF9Nxl5jdKsiVqxPg+8SgEgo+NdLxdx2X4+Hs8 LyuUWizCdRJlT+9kwPoEKZnJ8QFVC76Cb1mY9h5Rk0YZE9oievDatqEZxEjmxEiRDcW5B5 R07xWB3eb2Roh739GEWiLMpj97NrfW7xG5sxNgx6gKvHuTrjybLVYVbPvLOotmmEogOpjN ErWrPhfNxJgL1EjQGJ9HqVG4492FLFMHhPEdy2mVQvbzj5xiizN7o67I3keXCzoBKSQ4Ho NfKFII1YEsjHkDfqDSMgbhnD9s60FSu/GXHBRzrLQ7H3m3swnCxEwZpgJLcovzzOoAUI34 rcXdx8r1eDZW3NwKP9t3r2du+cr+VbcTjXdFssLdGT5mM62FwZz08U+CpPGCYH5E1xoQOS TA3kC+b8+QS3jgFM9ES54SqLeEHinJgGXstd5lQyQkmP8ukoVynju1PglmZbSX4SelRuR1 +B8fTeRNNYq1TVa0ptewI0yeS3rKJJWUdhv8yg3aQNM47/d6Onvvw2h6s6yXi1AouG0TVa JjcM9Wx5i1NdIVmtVhtyKTxmSle+X2n37OPmAuJRfIiTxj8TqILglVULezahh1R9QOVuaz ASB3j6EHQ70GUxdcgiWQgNOuuSNPbMdCCXQi+CZEaKDcShL4zXQvH7p4xaJbc5yi4Axtvh kdGQqyDoF36vHNrdMFQW2U5iIDDzADLHP7JCrR1W/V0wktPJYUYtZKkDgphVLGHVE+knxS 54+b9AKUUb/ez+qjYd+Fzk/cCwZUmMYJ5a7Tx4qONvivBJ2+6kNuAdRsWEnQCsdAl/TWe4 wVYklPk225UCmFMzwW/UvtUvOTCF3d0afp/6tADDPqeC0sltpbiiaEGNXRas49L52sX9qr GOrVRdXuBNyhRy9bhfJWy78HEhaH5LWmMQsudrw/QU54A64k75/wgpxU8++s+HGF7+24kT 3d+Mocww== -----END OPENSSH PRIVATE KEY----- "         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3Bapmtn3Tx0H2Ts0T8te8BPZuZK1q6eZYvCu9W1oQm6S/ePWlYDdna2l01vbMLolxClRFADtOXp1ZPbJkM1E4c7fS2G4vLkfafVpADuLWSfrlI7MmDce8IdhAf5bJUDgfUxUMCwrhVWFfxYTJyxz26iV5/9R8a9JVz4KSujZv5CeOjGpF6aTlk+DpYELCnxQyIJdC0xgO77omQVD+HLMB5RY1Pa56R2vkltf9StHzfcIy1sBIWhcrNHd0YKeFN6Ly6WVtp8DbRg6Z/irb46lET8K3AwjZfWTtbMt3Oj9dPxI3gcBrbThceR50wbiW/tXjzzRjkdc2AxxbvwYBZUWD"         set source built-in     next     edit "g-Fortinet_SSH_CA_Untrusted"         set password ENC kqzQ3dJER//5s19+AYwfTnzwzAig5P70l5uWqMQWrP1sRcH/t7OSmWLW83YUB0YBJwH0aZW0MeQC1LmETcLqvoG7DBhPM0PLJ2k1cx2FaUiAASIyULY208BBJeoao7MsX7Ei14H5ZNOwagv8ikwOqQaTatUtvw5MzV3n4mJQT8gppQElPbRtnNAY2r+ik3N0phww3g==         set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBBU+v+2X 6+IaHWapdpA0gFAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCrGcoZpqhW B+Sgh64AzYFMNgP14oyZh6D9pDW4Xy7vK7Y1iIZxAy1lBIG+jvGNNbKmZnd4B21snbrcgO HOxIIiM5f8kHABHr4v+SWsRm3rSOvFL2/pSnltlnRcJu7GYlIIWDOEy6tIkhoqDfiZrWK3 TFrBk0I78xhINRUlolv12XU/By7Zb0GLti2KjuUkBM4e6zUZlS8KADGGuriwhjymL1gCrQ UTfqKvyF7q65LwpVSxT+/SAhDAzP3PtImvHFe5zSnpyPtqAAf0MgkV4rA0ube2DyDQuqtw CdK6VJkzn567h25a7RHBxnv1GRMUXpbn3BsQ4JvG73iS8HSNQERNAAADwPnvpz3UMjW7+o GbkPKHwDhGp+zxYMl1giY2FAHLcXOTua3j4+UAAJL6JE4TBS8/nR6n4pBuc6ixxX4sk5wY QF24xwF30bfeaNeT0MvygAn4LCpS1z5trsDw1tkfrLTV9+h7eIhdMevBZwo2O0oZrnqBKw qnJqELONJl6D6deZo6t5hwUqcsUEWSntSBRmrmTpA0wfHCR/8KW2dye00+gRfGUkVXR9hW lplZJcLKYGimWpkgiY/ke31UlcArwf0pcW5lbodu25/5OgOeKISvhOTQXvIb9qiZFslVsc lR9HlCDLTp1Vt1Uc+ImWWMHNiEQjqBOfZXStScHWeXswWE+FkkpokjgO6rqwbIv+Jx7AOP HsQ7sYF4GOq7H+4qgz/0HeGD0gYXxGKaWX3iRPszG1DRti4DC77UWKNt0xS9HnH1Z5MTBY aLZdvPS0QCq65dLIFld8O9zkK5KlkiqH3SzHqWxYi1M1KFw6Yhc8VnP6RjLuk3DpGRVvif butBiJBNU9aIvAogWal4CUIPq4Uet9xdMGxmtw6cJIW9899tMK9NMgQaqE2TA3iETueXjR go5Q3Td+6lXDBKvosi6SaO2YLelPl61BZH1HVwPrr8ry4PbLRX4DLtes8bbQXOhRt2mp5h NT0APqk/sdR2eClu1cKDsevr42e2a7MOYU9GKSYQ6G75oSwzRBInCc+8M7NpQm1QZ1ISKq 0FhB2BNViECmDWwm4be92VAwygLarqq/mNGGoLOkyYDGOcQGcnc22gzhrMPj8FO8EIBlbU KspJUsPQfw83F0590238e6n4SYz8cDLlFQ3b3TnHjFqDYnzLezmkktqBEOAObl1Y3jjWT2 z4esWwQOBzZXpBb91alp3gZ5v043/g+LWxpddiqQ47WtGbT0rzQfPUBvdytTAHgs5Ccpxu 7TMIp59yiePOyTTlx+96q/eDysafiE8bpJW4mHg6B5c2+0ca0aqZTNPQivH1uX9yn3x/N4 IblXOzzJ7cECq+DTu9dQlln/atSsp9O2ccPJcN9dAPPwtWFhES+CRVSVE0mX8xeWD1KKse Bm2tuQBktJb+yFBD4TQ6kHtJjAwQ8y7co/yq3NLwgRc06BqDj1lpqCnf93SgqrIN/9nzxD CgzIo44p1bj0s3N9frJrRHTBmYqYq+WgtwsbD71YKhltN2/31dxc7vKpem6sFtawVVXhfI zKdTBoTERihpqf05EhE243UbtuwSThlGoDqnNkpWnyqbZBtZqzKxDZmPjqdbrN4Xa80dkX 96BzOSHg== -----END OPENSSH PRIVATE KEY----- "         set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrGcoZpqhWB+Sgh64AzYFMNgP14oyZh6D9pDW4Xy7vK7Y1iIZxAy1lBIG+jvGNNbKmZnd4B21snbrcgOHOxIIiM5f8kHABHr4v+SWsRm3rSOvFL2/pSnltlnRcJu7GYlIIWDOEy6tIkhoqDfiZrWK3TFrBk0I78xhINRUlolv12XU/By7Zb0GLti2KjuUkBM4e6zUZlS8KADGGuriwhjymL1gCrQUTfqKvyF7q65LwpVSxT+/SAhDAzP3PtImvHFe5zSnpyPtqAAf0MgkV4rA0ube2DyDQuqtwCdK6VJkzn567h25a7RHBxnv1GRMUXpbn3BsQ4JvG73iS8HSNQERN"         set source built-in     next end config system cluster-sync end config system fortiguard     set sdns-server-ip "3.4.5.6" end config ips global end config wireless-controller utm-profile     edit "g-wifi-default"         set comment "Default configuration for offloading WiFi traffic."         set ips-sensor "g-wifi-default"         set application-list "g-wifi-default"         set antivirus-profile "g-wifi-default"         set webfilter-profile "g-wifi-default"     next end config system email-server     set server "notification.fortinet.net"     set port 465     set security smtps end config system session-helper     edit 1         set name pptp         set protocol 6         set port 1723     next     edit 2         set name h323         set protocol 6         set port 1720     next     edit 3         set name ras         set protocol 17         set port 1719     next     edit 4         set name tns         set protocol 6         set port 1521     next     edit 5         set name tftp         set protocol 17         set port 69     next     edit 6         set name rtsp         set protocol 6         set port 554     next     edit 7         set name rtsp         set protocol 6         set port 7070     next     edit 8         set name rtsp         set protocol 6         set port 8554     next     edit 9         set name ftp         set protocol 6         set port 21     next     edit 10         set name mms         set protocol 6         set port 1863     next     edit 11         set name pmap         set protocol 6         set port 111     next     edit 12         set name pmap         set protocol 17         set port 111     next     edit 13         set name sip         set protocol 17         set port 5060     next     edit 14         set name dns-udp         set protocol 17         set port 53     next     edit 15         set name rsh         set protocol 6         set port 514     next     edit 16         set name rsh         set protocol 6         set port 512     next     edit 17         set name dcerpc         set protocol 6         set port 135     next     edit 18         set name dcerpc         set protocol 17         set port 135     next     edit 19         set name mgcp         set protocol 17         set port 2427     next     edit 20         set name mgcp         set protocol 17         set port 2727     next end config system auto-install     set auto-install-config enable     set auto-install-image enable end config system ntp     set ntpsync enable end end config vdom edit root config system object-tagging     edit "default"     next end config system settings     set opmode transparent     set inspection-mode flow     set manageip 1.2.3.4/255.255.255.255 end config system arp-table     edit 1         set ip 10.10.8.20         set mac 00:00:5e:00:01:01     next end config system replacemsg-group     edit "default"         set comment "Default replacement message group."     next end config firewall address     edit "none"         set uuid cae1ac5c-24b8-51e9-4a4a-f39269ee6530         set subnet 0.0.0.0 255.255.255.255     next     edit "autoupdate.opera.com"         set uuid cae1cbe2-24b8-51e9-1501-4730e1f94b07         set type fqdn         set fqdn "autoupdate.opera.com"     next     edit "google-play"         set uuid cae1edb6-24b8-51e9-1348-aff50933c805         set type fqdn         set fqdn "play.google.com"     next     edit "swscan.apple.com"         set uuid cae20f30-24b8-51e9-7cb5-0933675c142b         set type fqdn         set fqdn "swscan.apple.com"     next     edit "update.microsoft.com"         set uuid cae23078-24b8-51e9-80d0-33ea609fb8ed         set type fqdn         set fqdn "update.microsoft.com"     next     edit "all"         set uuid cc4d63ec-24b8-51e9-f602-bb0550e363bb     next     edit "FIREWALL_AUTH_PORTAL_ADDRESS"         set uuid cc4d6af4-24b8-51e9-8d3e-232d5c35bb80         set visibility disable     next end config firewall multicast-address     edit "all_hosts"         set start-ip 224.0.0.1         set end-ip 224.0.0.1     next     edit "all_routers"         set start-ip 224.0.0.2         set end-ip 224.0.0.2     next     edit "Bonjour"         set start-ip 224.0.0.251         set end-ip 224.0.0.251     next     edit "EIGRP"         set start-ip 224.0.0.10         set end-ip 224.0.0.10     next     edit "OSPF"         set start-ip 224.0.0.5         set end-ip 224.0.0.6     next     edit "all"         set start-ip 224.0.0.0         set end-ip 239.255.255.255     next end config firewall address6     edit "all"         set uuid cae25422-24b8-51e9-017c-e778c7763bc1     next     edit "none"         set uuid cae26f20-24b8-51e9-45ae-ab92bf6fe545         set ip6 ::/128     next end config firewall multicast-address6     edit "all"         set ip6 ff00::/8     next end config firewall service category     edit "General"         set comment "General services."     next     edit "Web Access"         set comment "Web access."     next     edit "File Access"         set comment "File access."     next     edit "Email"         set comment "Email services."     next     edit "Network Services"         set comment "Network services."     next     edit "Authentication"         set comment "Authentication service."     next     edit "Remote Access"         set comment "Remote access."     next     edit "Tunneling"         set comment "Tunneling service."     next     edit "VoIP, Messaging & Other Applications"         set comment "VoIP, messaging, and other applications."     next     edit "Web Proxy"         set comment "Explicit web proxy."     next end config firewall service custom     edit "ALL"         set category "General"         set protocol IP     next     edit "ALL_TCP"         set category "General"         set tcp-portrange 1-65535     next     edit "ALL_UDP"         set category "General"         set udp-portrange 1-65535     next     edit "ALL_ICMP"         set category "General"         set protocol ICMP         unset icmptype     next     edit "ALL_ICMP6"         set category "General"         set protocol ICMP6         unset icmptype     next     edit "GRE"         set category "Tunneling"         set protocol IP         set protocol-number 47     next     edit "AH"         set category "Tunneling"         set protocol IP         set protocol-number 51     next     edit "ESP"         set category "Tunneling"         set protocol IP         set protocol-number 50     next     edit "AOL"         set visibility disable         set tcp-portrange 5190-5194     next     edit "BGP"         set category "Network Services"         set tcp-portrange 179     next     edit "DHCP"         set category "Network Services"         set udp-portrange 67-68     next     edit "DNS"         set category "Network Services"         set tcp-portrange 53         set udp-portrange 53     next     edit "FINGER"         set visibility disable         set tcp-portrange 79     next     edit "FTP"         set category "File Access"         set tcp-portrange 21     next     edit "FTP_GET"         set category "File Access"         set tcp-portrange 21     next     edit "FTP_PUT"         set category "File Access"         set tcp-portrange 21     next     edit "GOPHER"         set visibility disable         set tcp-portrange 70     next     edit "H323"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 1720 1503         set udp-portrange 1719     next     edit "HTTP"         set category "Web Access"         set tcp-portrange 80     next     edit "HTTPS"         set category "Web Access"         set tcp-portrange 443     next     edit "IKE"         set category "Tunneling"         set udp-portrange 500 4500     next     edit "IMAP"         set category "Email"         set tcp-portrange 143     next     edit "IMAPS"         set category "Email"         set tcp-portrange 993     next     edit "Internet-Locator-Service"         set visibility disable         set tcp-portrange 389     next     edit "IRC"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 6660-6669     next     edit "L2TP"         set category "Tunneling"         set tcp-portrange 1701         set udp-portrange 1701     next     edit "LDAP"         set category "Authentication"         set tcp-portrange 389     next     edit "NetMeeting"         set visibility disable         set tcp-portrange 1720     next     edit "NFS"         set category "File Access"         set tcp-portrange 111 2049         set udp-portrange 111 2049     next     edit "NNTP"         set visibility disable         set tcp-portrange 119     next     edit "NTP"         set category "Network Services"         set tcp-portrange 123         set udp-portrange 123     next     edit "OSPF"         set category "Network Services"         set protocol IP         set protocol-number 89     next     edit "PC-Anywhere"         set category "Remote Access"         set tcp-portrange 5631         set udp-portrange 5632     next     edit "PING"         set category "Network Services"         set protocol ICMP         set icmptype 8         unset icmpcode     next     edit "TIMESTAMP"         set protocol ICMP         set visibility disable         set icmptype 13         unset icmpcode     next     edit "INFO_REQUEST"         set protocol ICMP         set visibility disable         set icmptype 15         unset icmpcode     next     edit "INFO_ADDRESS"         set protocol ICMP         set visibility disable         set icmptype 17         unset icmpcode     next     edit "ONC-RPC"         set category "Remote Access"         set tcp-portrange 111         set udp-portrange 111     next     edit "DCE-RPC"         set category "Remote Access"         set tcp-portrange 135         set udp-portrange 135     next     edit "POP3"         set category "Email"         set tcp-portrange 110     next     edit "POP3S"         set category "Email"         set tcp-portrange 995     next     edit "PPTP"         set category "Tunneling"         set tcp-portrange 1723     next     edit "QUAKE"         set visibility disable         set udp-portrange 26000 27000 27910 27960     next     edit "RAUDIO"         set visibility disable         set udp-portrange 7070     next     edit "REXEC"         set visibility disable         set tcp-portrange 512     next     edit "RIP"         set category "Network Services"         set udp-portrange 520     next     edit "RLOGIN"         set visibility disable         set tcp-portrange 513:512-1023     next     edit "RSH"         set visibility disable         set tcp-portrange 514:512-1023     next     edit "SCCP"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 2000     next     edit "SIP"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 5060         set udp-portrange 5060     next     edit "SIP-MSNmessenger"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 1863     next     edit "SAMBA"         set category "File Access"         set tcp-portrange 139     next     edit "SMTP"         set category "Email"         set tcp-portrange 25     next     edit "SMTPS"         set category "Email"         set tcp-portrange 465     next     edit "SNMP"         set category "Network Services"         set tcp-portrange 161-162         set udp-portrange 161-162     next     edit "SSH"         set category "Remote Access"         set tcp-portrange 22     next     edit "SYSLOG"         set category "Network Services"         set udp-portrange 514     next     edit "TALK"         set visibility disable         set udp-portrange 517-518     next     edit "TELNET"         set category "Remote Access"         set tcp-portrange 23     next     edit "TFTP"         set category "File Access"         set udp-portrange 69     next     edit "MGCP"         set visibility disable         set udp-portrange 2427 2727     next     edit "UUCP"         set visibility disable         set tcp-portrange 540     next     edit "VDOLIVE"         set visibility disable         set tcp-portrange 7000-7010     next     edit "WAIS"         set visibility disable         set tcp-portrange 210     next     edit "WINFRAME"         set visibility disable         set tcp-portrange 1494 2598     next     edit "X-WINDOWS"         set category "Remote Access"         set tcp-portrange 6000-6063     next     edit "PING6"         set protocol ICMP6         set visibility disable         set icmptype 128         unset icmpcode     next     edit "MS-SQL"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 1433 1434     next     edit "MYSQL"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 3306     next     edit "RDP"         set category "Remote Access"         set tcp-portrange 3389     next     edit "VNC"         set category "Remote Access"         set tcp-portrange 5900     next     edit "DHCP6"         set category "Network Services"         set udp-portrange 546 547     next     edit "SQUID"         set category "Tunneling"         set tcp-portrange 3128     next     edit "SOCKS"         set category "Tunneling"         set tcp-portrange 1080         set udp-portrange 1080     next     edit "WINS"         set category "Remote Access"         set tcp-portrange 1512         set udp-portrange 1512     next     edit "RADIUS"         set category "Authentication"         set udp-portrange 1812 1813     next     edit "RADIUS-OLD"         set visibility disable         set udp-portrange 1645 1646     next     edit "CVSPSERVER"         set visibility disable         set tcp-portrange 2401         set udp-portrange 2401     next     edit "AFS3"         set category "File Access"         set tcp-portrange 7000-7009         set udp-portrange 7000-7009     next     edit "TRACEROUTE"         set category "Network Services"         set udp-portrange 33434-33535     next     edit "RTSP"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 554 7070 8554         set udp-portrange 554     next     edit "MMS"         set visibility disable         set tcp-portrange 1755         set udp-portrange 1024-5000     next     edit "KERBEROS"         set category "Authentication"         set tcp-portrange 88 464         set udp-portrange 88 464     next     edit "LDAP_UDP"         set category "Authentication"         set udp-portrange 389     next     edit "SMB"         set category "File Access"         set tcp-portrange 445     next     edit "NONE"         set visibility disable         set tcp-portrange 0     next     edit "webproxy"         set proxy enable         set category "Web Proxy"         set protocol ALL         set tcp-portrange 0-65535:0-65535     next end config firewall service group     edit "Email Access"         set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"     next     edit "Web Access"         set member "DNS" "HTTP" "HTTPS"     next     edit "Windows AD"         set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"     next     edit "Exchange Server"         set member "DCE-RPC" "DNS" "HTTPS"     next end config webfilter ftgd-local-cat     edit "custom1"         set id 140     next     edit "custom2"         set id 141     next end config ips sensor     edit "all_default"         set comment "All predefined signatures with default setting."         config entries             edit 1             next         end     next     edit "all_default_pass"         set comment "All predefined signatures with PASS action."         config entries             edit 1                 set action pass             next         end     next     edit "protect_http_server"         set comment "Protect against HTTP server-side vulnerabilities."         config entries             edit 1                 set location server                 set protocol HTTP             next         end     next     edit "protect_email_server"         set comment "Protect against email server-side vulnerabilities."         config entries             edit 1                 set location server                 set protocol SMTP POP3 IMAP             next         end     next     edit "protect_client"         set comment "Protect against client-side vulnerabilities."         config entries             edit 1                 set location client             next         end     next     edit "high_security"         set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"         config entries             edit 1                 set severity medium high critical                 set status enable                 set action block             next             edit 2                 set severity low             next         end     next end config firewall shaper traffic-shaper     edit "high-priority"         set maximum-bandwidth 1048576         set per-policy enable     next     edit "medium-priority"         set maximum-bandwidth 1048576         set priority medium         set per-policy enable     next     edit "low-priority"         set maximum-bandwidth 1048576         set priority low         set per-policy enable     next     edit "guarantee-100kbps"         set guaranteed-bandwidth 100         set maximum-bandwidth 1048576         set per-policy enable     next     edit "shared-1M-pipe"         set maximum-bandwidth 1024     next end config web-proxy global     set proxy-fqdn "default.fqdn" end config application list     edit "block-high-risk"         config entries             edit 1                 set category 2 6             next             edit 2                 set action pass             next         end     next end config dlp filepattern     edit 1         set name "builtin-patterns"         config entries             edit "*.bat"             next             edit "*.com"             next             edit "*.dll"             next             edit "*.doc"             next             edit "*.exe"             next             edit "*.gz"             next             edit "*.hta"             next             edit "*.ppt"             next             edit "*.rar"             next             edit "*.scr"             next             edit "*.tar"             next             edit "*.tgz"             next             edit "*.vb?"             next             edit "*.wps"             next             edit "*.xl?"             next             edit "*.zip"             next             edit "*.pif"             next             edit "*.cpl"             next         end     next     edit 2         set name "all_executables"         config entries             edit "bat"                 set filter-type type                 set file-type bat             next             edit "exe"                 set filter-type type                 set file-type exe             next             edit "elf"                 set filter-type type                 set file-type elf             next             edit "hta"                 set filter-type type                 set file-type hta             next         end     next end config dlp fp-sensitivity     edit "Private"     next     edit "Critical"     next     edit "Warning"     next end config dlp sensor     edit "Content_Summary"         set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi     next     edit "Content_Archive"         set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi     next     edit "Large-File"         config filter             edit 1                 set name "Large-File-Filter"                 set proto smtp pop3 imap http-get http-post mapi                 set filter-by file-size                 set file-size 5120                 set action log-only             next         end     next     edit "Credit-Card"         config filter             edit 1                 set name "Credit-Card-Filter"                 set severity high                 set proto smtp pop3 imap http-get http-post mapi                 set action log-only             next             edit 2                 set name "Credit-Card-Filter"                 set severity high                 set type message                 set proto smtp pop3 imap http-post mapi                 set action log-only             next         end     next     edit "SSN-Sensor"         set comment "Match SSN numbers but NOT WebEx invite emails."         config filter             edit 1                 set name "SSN-Sensor-Filter"                 set severity high                 set type message                 set proto smtp pop3 imap mapi                 set filter-by regexp                 set regexp "WebEx"             next             edit 2                 set name "SSN-Sensor-Filter"                 set severity high                 set type message                 set proto smtp pop3 imap mapi                 set filter-by ssn                 set action log-only             next             edit 3                 set name "SSN-Sensor-Filter"                 set severity high                 set proto smtp pop3 imap http-get http-post ftp mapi                 set filter-by ssn                 set action log-only             next         end     next end config webfilter ips-urlfilter-setting end config webfilter ips-urlfilter-setting6 end config log threat-weight     config web         edit 1             set category 26             set level high         next         edit 2             set category 61             set level high         next         edit 3             set category 86             set level high         next         edit 4             set category 1             set level medium         next         edit 5             set category 3             set level medium         next         edit 6             set category 4             set level medium         next         edit 7             set category 5             set level medium         next         edit 8             set category 6             set level medium         next         edit 9             set category 12             set level medium         next         edit 10             set category 59             set level medium         next         edit 11             set category 62             set level medium         next         edit 12             set category 83             set level medium         next         edit 13             set category 72         next         edit 14             set category 14         next     end     config application         edit 1             set category 2         next         edit 2             set category 6             set level medium         next     end end config icap profile     edit "default"     next end config vpn certificate ca end config vpn certificate local     edit "Fortinet_CA_SSL"         set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."         set range global         set source factory         set last-updated 1548871170     next     edit "Fortinet_CA_Untrusted"         set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."         set range global         set source factory         set last-updated 1548871170     next     edit "Fortinet_SSL"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548871170     next     edit "Fortinet_SSL_RSA1024"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548871170     next     edit "Fortinet_SSL_RSA2048"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548871170     next     edit "Fortinet_SSL_DSA1024"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548871170     next     edit "Fortinet_SSL_DSA2048"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548871170     next     edit "Fortinet_SSL_ECDSA256"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548871170     next     edit "Fortinet_SSL_ECDSA384"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548871170     next end config user local     edit "guest"         set type password         set passwd-time 2019-01-30 09:59:33         set passwd ENC 4yXkMLI0bA9zthpLoccLu8ct91zCs9bnXJnySBVrWSLkgmDIBTVaNgXLp+wJznWG1+arhWZuiH9ECUIU2SsovMkXhmUPWDjN52XJU09CaVfNZyFprqt/pF6Vts6Hhqlc3MciyjpAXU4yS1P7KpGfNaXUFKeKlfRYePwEqOhm4w0io5fSj10TMTInlokzOeuhMAquIw==     next end config user setting     set auth-cert "Fortinet_Factory" end config user group     edit "SSO_Guest_Users"     next     edit "Guest-group"         set member "guest"     next end config user device-group     edit "Mobile Devices"         set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"         set comment "Phones, tablets, etc."     next     edit "Network Devices"         set member "fortinet-device" "other-network-device" "router-nat-device"         set comment "Routers, firewalls, gateways, etc."     next     edit "Others"         set member "gaming-console" "media-streaming"         set comment "Other devices."     next end config voip profile     edit "default"         set comment "Default VoIP profile."     next     edit "strict"         config sip             set malformed-request-line discard             set malformed-header-via discard             set malformed-header-from discard             set malformed-header-to discard             set malformed-header-call-id discard             set malformed-header-cseq discard             set malformed-header-rack discard             set malformed-header-rseq discard             set malformed-header-contact discard             set malformed-header-record-route discard             set malformed-header-route discard             set malformed-header-expires discard             set malformed-header-content-type discard             set malformed-header-content-length discard             set malformed-header-max-forwards discard             set malformed-header-allow discard             set malformed-header-p-asserted-identity discard             set malformed-header-sdp-v discard             set malformed-header-sdp-o discard             set malformed-header-sdp-s discard             set malformed-header-sdp-i discard             set malformed-header-sdp-c discard             set malformed-header-sdp-b discard             set malformed-header-sdp-z discard             set malformed-header-sdp-k discard             set malformed-header-sdp-a discard             set malformed-header-sdp-t discard             set malformed-header-sdp-r discard             set malformed-header-sdp-m discard         end     next end config webfilter profile     edit "monitor-all"         set comment "Monitor and log all visited URLs, flow-based."         set inspection-mode flow-based         config ftgd-wf             unset options             config filters                 edit 1                     set category 1                 next                 edit 2                     set category 3                 next                 edit 3                     set category 4                 next                 edit 4                     set category 5                 next                 edit 5                     set category 6                 next                 edit 6                     set category 12                 next                 edit 7                     set category 59                 next                 edit 8                     set category 62                 next                 edit 9                     set category 83                 next                 edit 10                     set category 2                 next                 edit 11                     set category 7                 next                 edit 12                     set category 8                 next                 edit 13                     set category 9                 next                 edit 14                     set category 11                 next                 edit 15                     set category 13                 next                 edit 16                     set category 14                 next                 edit 17                     set category 15                 next                 edit 18                     set category 16                 next                 edit 19                     set category 57                 next                 edit 20                     set category 63                 next                 edit 21                     set category 64                 next                 edit 22                     set category 65                 next                 edit 23                     set category 66                 next                 edit 24                     set category 67                 next                 edit 25                     set category 19                 next                 edit 26                     set category 24                 next                 edit 27                     set category 25                 next                 edit 28                     set category 72                 next                 edit 29                     set category 75                 next                 edit 30                     set category 76                 next                 edit 31                     set category 26                 next                 edit 32                     set category 61                 next                 edit 33                     set category 86                 next                 edit 34                     set category 17                 next                 edit 35                     set category 18                 next                 edit 36                     set category 20                 next                 edit 37                     set category 23                 next                 edit 38                     set category 28                 next                 edit 39                     set category 29                 next                 edit 40                     set category 30                 next                 edit 41                     set category 33                 next                 edit 42                     set category 34                 next                 edit 43                     set category 35                 next                 edit 44                     set category 36                 next                 edit 45                     set category 37                 next                 edit 46                     set category 38                 next                 edit 47                     set category 39                 next                 edit 48                     set category 40                 next                 edit 49                     set category 42                 next                 edit 50                     set category 44                 next                 edit 51                     set category 46                 next                 edit 52                     set category 47                 next                 edit 53                     set category 48                 next                 edit 54                     set category 54                 next                 edit 55                     set category 55                 next                 edit 56                     set category 58                 next                 edit 57                     set category 68                 next                 edit 58                     set category 69                 next                 edit 59                     set category 70                 next                 edit 60                     set category 71                 next                 edit 61                     set category 77                 next                 edit 62                     set category 78                 next                 edit 63                     set category 79                 next                 edit 64                     set category 80                 next                 edit 65                     set category 82                 next                 edit 66                     set category 85                 next                 edit 67                     set category 87                 next                 edit 68                     set category 31                 next                 edit 69                     set category 41                 next                 edit 70                     set category 43                 next                 edit 71                     set category 49                 next                 edit 72                     set category 50                 next                 edit 73                     set category 51                 next                 edit 74                     set category 52                 next                 edit 75                     set category 53                 next                 edit 76                     set category 56                 next                 edit 77                     set category 81                 next                 edit 78                     set category 84                 next                 edit 79                 next                 edit 80                     set category 88                 next                 edit 81                     set category 89                 next                 edit 82                     set category 90                 next                 edit 83                     set category 91                 next                 edit 84                     set category 92                 next                 edit 85                     set category 93                 next                 edit 86                     set category 94                 next                 edit 87                     set category 95                 next             end         end         set log-all-url enable         set web-content-log disable         set web-filter-activex-log disable         set web-filter-command-block-log disable         set web-filter-cookie-log disable         set web-filter-applet-log disable         set web-filter-jscript-log disable         set web-filter-js-log disable         set web-filter-vbs-log disable         set web-filter-unknown-log disable         set web-filter-referer-log disable         set web-filter-cookie-removal-log disable         set web-url-log disable         set web-invalid-domain-log disable         set web-ftgd-err-log disable         set web-ftgd-quota-usage disable     next end config webfilter search-engine     edit "google"         set hostname ".*\\.google\\..*"         set url "^\\/((custom|search|images|videosearch|webhp)\\?)"         set query "q="         set safesearch url         set safesearch-str "&safe=active"     next     edit "yahoo"         set hostname ".*\\.yahoo\\..*"         set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"         set query "p="         set safesearch url         set safesearch-str "&vm=r"     next     edit "bing"         set hostname ".*\\.bing\\..*"         set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"         set query "q="         set safesearch header     next     edit "yandex"         set hostname "yandex\\..*"         set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"         set query "text="         set safesearch url         set safesearch-str "&family=yes"     next     edit "youtube"         set hostname ".*youtube.*"         set safesearch header     next     edit "baidu"         set hostname ".*\\.baidu\\.com"         set url "^\\/s?\\?"         set query "wd="     next     edit "baidu2"         set hostname ".*\\.baidu\\.com"         set url "^\\/(ns|q|m|i|v)\\?"         set query "word="     next     edit "baidu3"         set hostname "tieba\\.baidu\\.com"         set url "^\\/f\\?"         set query "kw="     next end config dnsfilter profile     edit "default"         set comment "Default dns filtering."         config ftgd-dns             config filters                 edit 1                     set category 2                 next                 edit 2                     set category 7                 next                 edit 3                     set category 8                 next                 edit 4                     set category 9                 next                 edit 5                     set category 11                 next                 edit 6                     set category 12                 next                 edit 7                     set category 13                 next                 edit 8                     set category 14                 next                 edit 9                     set category 15                 next                 edit 10                     set category 16                 next                 edit 11                 next                 edit 12                     set category 57                 next                 edit 13                     set category 63                 next                 edit 14                     set category 64                 next                 edit 15                     set category 65                 next                 edit 16                     set category 66                 next                 edit 17                     set category 67                 next                 edit 18                     set category 26                     set action block                 next                 edit 19                     set category 61                     set action block                 next                 edit 20                     set category 86                     set action block                 next                 edit 21                     set category 88                     set action block                 next                 edit 22                     set category 90                     set action block                 next                 edit 23                     set category 91                     set action block                 next             end         end         set block-botnet enable     next end config antivirus settings     set grayware enable end config spamfilter profile     edit "default"         set comment "Malware and phishing URL filtering."     next     edit "sniffer-profile"         set comment "Malware and phishing URL monitoring."         set flow-based enable     next end config firewall schedule recurring     edit "always"         set day sunday monday tuesday wednesday thursday friday saturday     next     edit "none"     next end config firewall profile-protocol-options     edit "default"         set comment "All default services."         config http             set ports 80             unset options             unset post-lang         end         config ftp             set ports 21             set options splice         end         config imap             set ports 143             set options fragmail         end         config mapi             set ports 135             set options fragmail         end         config pop3             set ports 110             set options fragmail         end         config smtp             set ports 25             set options fragmail splice         end         config nntp             set ports 119             set options splice         end         config dns             set ports 53         end     next end config firewall ssl-ssh-profile     edit "certificate-inspection"         set comment "Read-only SSL handshake inspection profile."         config https             set ports 443             set status certificate-inspection         end         config ftps             set status disable         end         config imaps             set status disable         end         config pop3s             set status disable         end         config smtps             set status disable         end         config ssh             set ports 22             set status disable         end     next     edit "deep-inspection"         set comment "Read-only deep inspection profile."         config https             set ports 443         end         config ftps             set ports 990         end         config imaps             set ports 993         end         config pop3s             set ports 995         end         config smtps             set ports 465         end         config ssh             set ports 22         end         config ssl-exempt             edit 1                 set fortiguard-category 31             next             edit 2                 set fortiguard-category 33             next             edit 3                 set type address                 set address "google-play"             next             edit 4                 set type address                 set address "update.microsoft.com"             next             edit 5                 set type address                 set address "swscan.apple.com"             next             edit 6                 set type address                 set address "autoupdate.opera.com"             next             edit 7                 set type wildcard-fqdn                 set wildcard-fqdn "g-android"             next             edit 8                 set type wildcard-fqdn                 set wildcard-fqdn "g-apple"             next             edit 9                 set type wildcard-fqdn                 set wildcard-fqdn "g-appstore"             next             edit 10                 set type wildcard-fqdn                 set wildcard-fqdn "g-citrix"             next             edit 11                 set type wildcard-fqdn                 set wildcard-fqdn "g-eease"             next             edit 12                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-drive"             next             edit 13                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-play2"             next             edit 14                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-play3"             next             edit 15                 set type wildcard-fqdn                 set wildcard-fqdn "g-Gotomeeting"             next             edit 16                 set type wildcard-fqdn                 set wildcard-fqdn "g-microsoft"             next             edit 17                 set type wildcard-fqdn                 set wildcard-fqdn "g-adobe"             next             edit 18                 set type wildcard-fqdn                 set wildcard-fqdn "g-Adobe Login"             next             edit 19                 set type wildcard-fqdn                 set wildcard-fqdn "g-dropbox.com"             next             edit 20                 set type wildcard-fqdn                 set wildcard-fqdn "g-fortinet"             next             edit 21                 set type wildcard-fqdn                 set wildcard-fqdn "g-googleapis.com"             next             edit 22                 set type wildcard-fqdn                 set wildcard-fqdn "g-icloud"             next             edit 23                 set type wildcard-fqdn                 set wildcard-fqdn "g-itunes"             next             edit 24                 set type wildcard-fqdn                 set wildcard-fqdn "g-skype"             next             edit 25                 set type wildcard-fqdn                 set wildcard-fqdn "g-verisign"             next             edit 26                 set type wildcard-fqdn                 set wildcard-fqdn "g-Windows update 2"             next             edit 27                 set type wildcard-fqdn                 set wildcard-fqdn "g-auth.gfx.ms"             next             edit 28                 set type wildcard-fqdn                 set wildcard-fqdn "g-softwareupdate.vmware.com"             next             edit 29                 set type wildcard-fqdn                 set wildcard-fqdn "g-firefox update server"             next             edit 30                 set type wildcard-fqdn                 set wildcard-fqdn "g-live.com"             next         end     next     edit "custom-deep-inspection"         set comment "Customizable deep inspection profile."         config https             set ports 443         end         config ftps             set ports 990         end         config imaps             set ports 993         end         config pop3s             set ports 995         end         config smtps             set ports 465         end         config ssh             set ports 22         end         config ssl-exempt             edit 1                 set fortiguard-category 31             next             edit 2                 set fortiguard-category 33             next             edit 3                 set type address                 set address "google-play"             next             edit 4                 set type address                 set address "update.microsoft.com"             next             edit 5                 set type address                 set address "swscan.apple.com"             next             edit 6                 set type address                 set address "autoupdate.opera.com"             next             edit 7                 set type wildcard-fqdn                 set wildcard-fqdn "g-android"             next             edit 8                 set type wildcard-fqdn                 set wildcard-fqdn "g-apple"             next             edit 9                 set type wildcard-fqdn                 set wildcard-fqdn "g-appstore"             next             edit 10                 set type wildcard-fqdn                 set wildcard-fqdn "g-citrix"             next             edit 11                 set type wildcard-fqdn                 set wildcard-fqdn "g-eease"             next             edit 12                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-drive"             next             edit 13                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-play2"             next             edit 14                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-play3"             next             edit 15                 set type wildcard-fqdn                 set wildcard-fqdn "g-Gotomeeting"             next             edit 16                 set type wildcard-fqdn                 set wildcard-fqdn "g-microsoft"             next             edit 17                 set type wildcard-fqdn                 set wildcard-fqdn "g-adobe"             next             edit 18                 set type wildcard-fqdn                 set wildcard-fqdn "g-Adobe Login"             next             edit 19                 set type wildcard-fqdn                 set wildcard-fqdn "g-dropbox.com"             next             edit 20                 set type wildcard-fqdn                 set wildcard-fqdn "g-fortinet"             next             edit 21                 set type wildcard-fqdn                 set wildcard-fqdn "g-googleapis.com"             next             edit 22                 set type wildcard-fqdn                 set wildcard-fqdn "g-icloud"             next             edit 23                 set type wildcard-fqdn                 set wildcard-fqdn "g-itunes"             next             edit 24                 set type wildcard-fqdn                 set wildcard-fqdn "g-skype"             next             edit 25                 set type wildcard-fqdn                 set wildcard-fqdn "g-verisign"             next             edit 26                 set type wildcard-fqdn                 set wildcard-fqdn "g-Windows update 2"             next             edit 27                 set type wildcard-fqdn                 set wildcard-fqdn "g-auth.gfx.ms"             next             edit 28                 set type wildcard-fqdn                 set wildcard-fqdn "g-softwareupdate.vmware.com"             next             edit 29                 set type wildcard-fqdn                 set wildcard-fqdn "g-firefox update server"             next             edit 30                 set type wildcard-fqdn                 set wildcard-fqdn "g-live.com"             next         end     next end config waf profile     edit "default"         config signature             config main-class 100000000                 set action block                 set severity high             end             config main-class 20000000             end             config main-class 30000000                 set status enable                 set action block                 set severity high             end             config main-class 40000000             end             config main-class 50000000                 set status enable                 set action block                 set severity high             end             config main-class 60000000             end             config main-class 70000000                 set status enable                 set action block                 set severity high             end             config main-class 80000000                 set status enable                 set severity low             end             config main-class 110000000                 set status enable                 set severity high             end             config main-class 90000000                 set status enable                 set action block                 set severity high             end             set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002         end         config constraint             config header-length                 set status enable                 set log enable                 set severity low             end             config content-length                 set status enable                 set log enable                 set severity low             end             config param-length                 set status enable                 set log enable                 set severity low             end             config line-length                 set status enable                 set log enable                 set severity low             end             config url-param-length                 set status enable                 set log enable                 set severity low             end             config version                 set log enable             end             config method                 set action block                 set log enable             end             config hostname                 set action block                 set log enable             end             config malformed                 set log enable             end             config max-cookie                 set status enable                 set log enable                 set severity low             end             config max-header-line                 set status enable                 set log enable                 set severity low             end             config max-url-param                 set status enable                 set log enable                 set severity low             end             config max-range-segment                 set status enable                 set log enable                 set severity high             end         end     next end config firewall policy     edit 1         set name "wan1 - wan2"         set uuid 586d680e-24cd-51e9-8225-da33c4eb7a32         set srcintf "wan1"         set dstintf "wan2"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 2         set name "wan1 - wan3"         set uuid 672dc3a2-24cd-51e9-9a15-9565737f16cf         set srcintf "wan1"         set dstintf "lan5"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 3         set name "wan1 - lan"         set uuid 78c46738-24cd-51e9-b0c4-b493e3e657f6         set srcintf "wan1"         set dstintf "lan4"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 4         set name "wan2 - wan1"         set uuid 90d9b27e-24cd-51e9-791a-3466f12c6646         set srcintf "wan2"         set dstintf "wan1"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 5         set name "wan2 - wan3"         set uuid a05ac418-24cd-51e9-1c51-2156ceba4be1         set srcintf "wan2"         set dstintf "lan5"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 6         set name "wan2 - Lan"         set uuid b25c2ba2-24cd-51e9-c160-2c9f219453cf         set srcintf "wan2"         set dstintf "lan4"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 7         set name "wan3 - wan1"         set uuid d58f6d50-24cd-51e9-6858-e3712736e18c         set srcintf "lan5"         set dstintf "wan1"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 8         set name "wan3 - wan2"         set uuid e2be089c-24cd-51e9-5612-4ef74be60da4         set srcintf "lan5"         set dstintf "wan2"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 9         set name "wan3 - Lan"         set uuid fc49c6fc-24cd-51e9-19a7-122a98c8094f         set srcintf "lan5"         set dstintf "lan4"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 10         set name "Lan - wan1"         set uuid 14da46b0-24ce-51e9-e01b-566a56d998d8         set srcintf "lan4"         set dstintf "wan1"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 11         set name "Lan - wan2"         set uuid 23227896-24ce-51e9-758a-cfaac3663dda         set srcintf "lan4"         set dstintf "wan2"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next     edit 12         set name "Lan - wan3"         set uuid 31d7bbd0-24ce-51e9-7f85-ed851283863d         set srcintf "lan4"         set dstintf "lan5"         set srcaddr "all"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set logtraffic all         set fsso disable     next end config firewall multicast-policy     edit 1         set srcintf "any"         set dstintf "any"         set srcaddr "all"         set dstaddr "all"     next end config firewall ssh setting     set caname "g-Fortinet_SSH_CA"     set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"     set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"     set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"     set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"     set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"     set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"     set hostkey-ed25519 "g-Fortinet_SSH_ED25519" end config endpoint-control profile     edit "default"         config forticlient-winmac-settings         end         config forticlient-android-settings         end         config forticlient-ios-settings         end     next end config wireless-controller wids-profile     edit "default"         set comment "Default WIDS profile."         set ap-scan enable         set wireless-bridge enable         set deauth-broadcast enable         set null-ssid-probe-resp enable         set long-duration-attack enable         set invalid-mac-oui enable         set weak-wep-iv enable         set auth-frame-flood enable         set assoc-frame-flood enable         set spoofed-deauth enable         set asleap-attack enable         set eapol-start-flood enable         set eapol-logoff-flood enable         set eapol-succ-flood enable         set eapol-fail-flood enable         set eapol-pre-succ-flood enable         set eapol-pre-fail-flood enable     next     edit "default-wids-apscan-enabled"         set ap-scan enable     next end config wireless-controller wtp-profile     edit "FAPU323EV-default"         config platform             set type U323EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU321EV-default"         config platform             set type U321EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU24JEV-default"         config platform             set type U24JEV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU223EV-default"         config platform             set type U223EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU221EV-default"         config platform             set type U221EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU423E-default"         config platform             set type U423E         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU422EV-default"         config platform             set type U422EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU421E-default"         config platform             set type U421E         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPS223E-default"         config platform             set type S223E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS221E-default"         config platform             set type S221E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP224E-default"         config platform             set type 224E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP223E-default"         config platform             set type 223E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP222E-default"         config platform             set type 222E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP221E-default"         config platform             set type 221E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP423E-default"         config platform             set type 423E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP421E-default"         config platform             set type 421E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS423E-default"         config platform             set type S423E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS422E-default"         config platform             set type S422E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS421E-default"         config platform             set type S421E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS323CR-default"         config platform             set type S323CR         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS322CR-default"         config platform             set type S322CR         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS321CR-default"         config platform             set type S321CR         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS313C-default"         config platform             set type S313C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11ac         end     next     edit "FAPS311C-default"         config platform             set type S311C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11ac         end     next     edit "FAPS323C-default"         config platform             set type S323C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS322C-default"         config platform             set type S322C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS321C-default"         config platform             set type S321C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP321C-default"         config platform             set type 321C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP223C-default"         config platform             set type 223C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP112D-default"         config platform             set type 112D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP24D-default"         config platform             set type 24D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP21D-default"         config platform             set type 21D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FK214B-default"         config platform             set type 214B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP224D-default"         config platform             set type 224D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n-5G         end         config radio-2             set band 802.11n,g-only         end     next     edit "FAP222C-default"         config platform             set type 222C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP25D-default"         config platform             set type 25D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP221C-default"         config platform             set type 221C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP320C-default"         config platform             set type 320C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP28C-default"         config platform             set type 28C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP223B-default"         config platform             set type 223B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n-5G         end         config radio-2             set band 802.11n,g-only         end     next     edit "FAP14C-default"         config platform             set type 14C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP11C-default"         config platform             set type 11C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP320B-default"         config platform             set type 320B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n-5G         end         config radio-2             set band 802.11n,g-only         end     next     edit "FAP112B-default"         config platform             set type 112B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP222B-default"         config platform             set type 222B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11n-5G         end     next     edit "FAP210B-default"         config platform             set type 210B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP220B-default"         set handoff-sta-thresh 30         config radio-1             set band 802.11n-5G         end         config radio-2             set band 802.11n,g-only         end     next     edit "AP-11N-default"         config platform             set type AP-11N         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next end config log memory setting     set status enable end config log null-device setting     set status disable end config system mac-address-table     edit 00:00:5e:00:01:01         set interface "wan1"     next end config router static     edit 1     next end config router static6     edit 1     next end end config vdom edit MGMT config system object-tagging     edit "default"     next end config system settings     set inspection-mode flow end config system replacemsg-group     edit "default"         set comment "Default replacement message group."     next end config firewall address     edit "none"         set uuid 0278b92c-24b8-51e9-487e-4936a98070df         set subnet 0.0.0.0 255.255.255.255     next     edit "autoupdate.opera.com"         set uuid 0278dc4a-24b8-51e9-e125-5374723d2fb9         set type fqdn         set fqdn "autoupdate.opera.com"     next     edit "google-play"         set uuid 027900f8-24b8-51e9-c943-4042a4680ed7         set type fqdn         set fqdn "play.google.com"     next     edit "swscan.apple.com"         set uuid 027922cc-24b8-51e9-d970-1fbe888229d3         set type fqdn         set fqdn "swscan.apple.com"     next     edit "update.microsoft.com"         set uuid 0279441e-24b8-51e9-234c-21f3889f5500         set type fqdn         set fqdn "update.microsoft.com"     next     edit "SSLVPN_TUNNEL_ADDR1"         set uuid 03dad2e6-24b8-51e9-e6e5-5244979f8464         set type iprange         set associated-interface "ssl.MGMT"         set start-ip 10.212.134.200         set end-ip 10.212.134.210     next     edit "all"         set uuid 03db2eb2-24b8-51e9-33ec-cf50267f79a3     next     edit "FIREWALL_AUTH_PORTAL_ADDRESS"         set uuid 03db3600-24b8-51e9-8daf-b7e40a74fdb4         set visibility disable     next end config firewall multicast-address     edit "all_hosts"         set start-ip 224.0.0.1         set end-ip 224.0.0.1     next     edit "all_routers"         set start-ip 224.0.0.2         set end-ip 224.0.0.2     next     edit "Bonjour"         set start-ip 224.0.0.251         set end-ip 224.0.0.251     next     edit "EIGRP"         set start-ip 224.0.0.10         set end-ip 224.0.0.10     next     edit "OSPF"         set start-ip 224.0.0.5         set end-ip 224.0.0.6     next     edit "all"         set start-ip 224.0.0.0         set end-ip 239.255.255.255     next end config firewall address6     edit "all"         set uuid 02796822-24b8-51e9-468c-1f00654d7075     next     edit "none"         set uuid 02798302-24b8-51e9-0ed7-ed512587a38d         set ip6 ::/128     next     edit "SSLVPN_TUNNEL_IPv6_ADDR1"         set uuid 03dae01a-24b8-51e9-129c-40ae70b606b1         set ip6 fdff:ffff::/120     next end config firewall multicast-address6     edit "all"         set ip6 ff00::/8     next end config firewall service category     edit "General"         set comment "General services."     next     edit "Web Access"         set comment "Web access."     next     edit "File Access"         set comment "File access."     next     edit "Email"         set comment "Email services."     next     edit "Network Services"         set comment "Network services."     next     edit "Authentication"         set comment "Authentication service."     next     edit "Remote Access"         set comment "Remote access."     next     edit "Tunneling"         set comment "Tunneling service."     next     edit "VoIP, Messaging & Other Applications"         set comment "VoIP, messaging, and other applications."     next     edit "Web Proxy"         set comment "Explicit web proxy."     next end config firewall service custom     edit "ALL"         set category "General"         set protocol IP     next     edit "ALL_TCP"         set category "General"         set tcp-portrange 1-65535     next     edit "ALL_UDP"         set category "General"         set udp-portrange 1-65535     next     edit "ALL_ICMP"         set category "General"         set protocol ICMP         unset icmptype     next     edit "ALL_ICMP6"         set category "General"         set protocol ICMP6         unset icmptype     next     edit "GRE"         set category "Tunneling"         set protocol IP         set protocol-number 47     next     edit "AH"         set category "Tunneling"         set protocol IP         set protocol-number 51     next     edit "ESP"         set category "Tunneling"         set protocol IP         set protocol-number 50     next     edit "AOL"         set visibility disable         set tcp-portrange 5190-5194     next     edit "BGP"         set category "Network Services"         set tcp-portrange 179     next     edit "DHCP"         set category "Network Services"         set udp-portrange 67-68     next     edit "DNS"         set category "Network Services"         set tcp-portrange 53         set udp-portrange 53     next     edit "FINGER"         set visibility disable         set tcp-portrange 79     next     edit "FTP"         set category "File Access"         set tcp-portrange 21     next     edit "FTP_GET"         set category "File Access"         set tcp-portrange 21     next     edit "FTP_PUT"         set category "File Access"         set tcp-portrange 21     next     edit "GOPHER"         set visibility disable         set tcp-portrange 70     next     edit "H323"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 1720 1503         set udp-portrange 1719     next     edit "HTTP"         set category "Web Access"         set tcp-portrange 80     next     edit "HTTPS"         set category "Web Access"         set tcp-portrange 443     next     edit "IKE"         set category "Tunneling"         set udp-portrange 500 4500     next     edit "IMAP"         set category "Email"         set tcp-portrange 143     next     edit "IMAPS"         set category "Email"         set tcp-portrange 993     next     edit "Internet-Locator-Service"         set visibility disable         set tcp-portrange 389     next     edit "IRC"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 6660-6669     next     edit "L2TP"         set category "Tunneling"         set tcp-portrange 1701         set udp-portrange 1701     next     edit "LDAP"         set category "Authentication"         set tcp-portrange 389     next     edit "NetMeeting"         set visibility disable         set tcp-portrange 1720     next     edit "NFS"         set category "File Access"         set tcp-portrange 111 2049         set udp-portrange 111 2049     next     edit "NNTP"         set visibility disable         set tcp-portrange 119     next     edit "NTP"         set category "Network Services"         set tcp-portrange 123         set udp-portrange 123     next     edit "OSPF"         set category "Network Services"         set protocol IP         set protocol-number 89     next     edit "PC-Anywhere"         set category "Remote Access"         set tcp-portrange 5631         set udp-portrange 5632     next     edit "PING"         set category "Network Services"         set protocol ICMP         set icmptype 8         unset icmpcode     next     edit "TIMESTAMP"         set protocol ICMP         set visibility disable         set icmptype 13         unset icmpcode     next     edit "INFO_REQUEST"         set protocol ICMP         set visibility disable         set icmptype 15         unset icmpcode     next     edit "INFO_ADDRESS"         set protocol ICMP         set visibility disable         set icmptype 17         unset icmpcode     next     edit "ONC-RPC"         set category "Remote Access"         set tcp-portrange 111         set udp-portrange 111     next     edit "DCE-RPC"         set category "Remote Access"         set tcp-portrange 135         set udp-portrange 135     next     edit "POP3"         set category "Email"         set tcp-portrange 110     next     edit "POP3S"         set category "Email"         set tcp-portrange 995     next     edit "PPTP"         set category "Tunneling"         set tcp-portrange 1723     next     edit "QUAKE"         set visibility disable         set udp-portrange 26000 27000 27910 27960     next     edit "RAUDIO"         set visibility disable         set udp-portrange 7070     next     edit "REXEC"         set visibility disable         set tcp-portrange 512     next     edit "RIP"         set category "Network Services"         set udp-portrange 520     next     edit "RLOGIN"         set visibility disable         set tcp-portrange 513:512-1023     next     edit "RSH"         set visibility disable         set tcp-portrange 514:512-1023     next     edit "SCCP"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 2000     next     edit "SIP"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 5060         set udp-portrange 5060     next     edit "SIP-MSNmessenger"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 1863     next     edit "SAMBA"         set category "File Access"         set tcp-portrange 139     next     edit "SMTP"         set category "Email"         set tcp-portrange 25     next     edit "SMTPS"         set category "Email"         set tcp-portrange 465     next     edit "SNMP"         set category "Network Services"         set tcp-portrange 161-162         set udp-portrange 161-162     next     edit "SSH"         set category "Remote Access"         set tcp-portrange 22     next     edit "SYSLOG"         set category "Network Services"         set udp-portrange 514     next     edit "TALK"         set visibility disable         set udp-portrange 517-518     next     edit "TELNET"         set category "Remote Access"         set tcp-portrange 23     next     edit "TFTP"         set category "File Access"         set udp-portrange 69     next     edit "MGCP"         set visibility disable         set udp-portrange 2427 2727     next     edit "UUCP"         set visibility disable         set tcp-portrange 540     next     edit "VDOLIVE"         set visibility disable         set tcp-portrange 7000-7010     next     edit "WAIS"         set visibility disable         set tcp-portrange 210     next     edit "WINFRAME"         set visibility disable         set tcp-portrange 1494 2598     next     edit "X-WINDOWS"         set category "Remote Access"         set tcp-portrange 6000-6063     next     edit "PING6"         set protocol ICMP6         set visibility disable         set icmptype 128         unset icmpcode     next     edit "MS-SQL"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 1433 1434     next     edit "MYSQL"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 3306     next     edit "RDP"         set category "Remote Access"         set tcp-portrange 3389     next     edit "VNC"         set category "Remote Access"         set tcp-portrange 5900     next     edit "DHCP6"         set category "Network Services"         set udp-portrange 546 547     next     edit "SQUID"         set category "Tunneling"         set tcp-portrange 3128     next     edit "SOCKS"         set category "Tunneling"         set tcp-portrange 1080         set udp-portrange 1080     next     edit "WINS"         set category "Remote Access"         set tcp-portrange 1512         set udp-portrange 1512     next     edit "RADIUS"         set category "Authentication"         set udp-portrange 1812 1813     next     edit "RADIUS-OLD"         set visibility disable         set udp-portrange 1645 1646     next     edit "CVSPSERVER"         set visibility disable         set tcp-portrange 2401         set udp-portrange 2401     next     edit "AFS3"         set category "File Access"         set tcp-portrange 7000-7009         set udp-portrange 7000-7009     next     edit "TRACEROUTE"         set category "Network Services"         set udp-portrange 33434-33535     next     edit "RTSP"         set category "VoIP, Messaging & Other Applications"         set tcp-portrange 554 7070 8554         set udp-portrange 554     next     edit "MMS"         set visibility disable         set tcp-portrange 1755         set udp-portrange 1024-5000     next     edit "KERBEROS"         set category "Authentication"         set tcp-portrange 88 464         set udp-portrange 88 464     next     edit "LDAP_UDP"         set category "Authentication"         set udp-portrange 389     next     edit "SMB"         set category "File Access"         set tcp-portrange 445     next     edit "NONE"         set visibility disable         set tcp-portrange 0     next     edit "webproxy"         set proxy enable         set category "Web Proxy"         set protocol ALL         set tcp-portrange 0-65535:0-65535     next end config firewall service group     edit "Email Access"         set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"     next     edit "Web Access"         set member "DNS" "HTTP" "HTTPS"     next     edit "Windows AD"         set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"     next     edit "Exchange Server"         set member "DCE-RPC" "DNS" "HTTPS"     next end config webfilter ftgd-local-cat     edit "custom1"         set id 140     next     edit "custom2"         set id 141     next end config firewall shaper traffic-shaper     edit "high-priority"         set maximum-bandwidth 1048576         set per-policy enable     next     edit "medium-priority"         set maximum-bandwidth 1048576         set priority medium         set per-policy enable     next     edit "low-priority"         set maximum-bandwidth 1048576         set priority low         set per-policy enable     next     edit "guarantee-100kbps"         set guaranteed-bandwidth 100         set maximum-bandwidth 1048576         set per-policy enable     next     edit "shared-1M-pipe"         set maximum-bandwidth 1024     next end config web-proxy global     set proxy-fqdn "default.fqdn" end config dlp filepattern     edit 1         set name "builtin-patterns"         config entries             edit "*.bat"             next             edit "*.com"             next             edit "*.dll"             next             edit "*.doc"             next             edit "*.exe"             next             edit "*.gz"             next             edit "*.hta"             next             edit "*.ppt"             next             edit "*.rar"             next             edit "*.scr"             next             edit "*.tar"             next             edit "*.tgz"             next             edit "*.vb?"             next             edit "*.wps"             next             edit "*.xl?"             next             edit "*.zip"             next             edit "*.pif"             next             edit "*.cpl"             next         end     next     edit 2         set name "all_executables"         config entries             edit "bat"                 set filter-type type                 set file-type bat             next             edit "exe"                 set filter-type type                 set file-type exe             next             edit "elf"                 set filter-type type                 set file-type elf             next             edit "hta"                 set filter-type type                 set file-type hta             next         end     next end config dlp fp-sensitivity     edit "Private"     next     edit "Critical"     next     edit "Warning"     next end config webfilter ips-urlfilter-setting end config webfilter ips-urlfilter-setting6 end config log threat-weight     config web         edit 1             set category 26             set level high         next         edit 2             set category 61             set level high         next         edit 3             set category 86             set level high         next         edit 4             set category 1             set level medium         next         edit 5             set category 3             set level medium         next         edit 6             set category 4             set level medium         next         edit 7             set category 5             set level medium         next         edit 8             set category 6             set level medium         next         edit 9             set category 12             set level medium         next         edit 10             set category 59             set level medium         next         edit 11             set category 62             set level medium         next         edit 12             set category 83             set level medium         next         edit 13             set category 72         next         edit 14             set category 14         next     end     config application         edit 1             set category 2         next         edit 2             set category 6             set level medium         next     end end config icap profile     edit "default"     next end config vpn certificate ca end config vpn certificate local     edit "Fortinet_CA_SSL"         set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."         set range global         set source factory         set last-updated 1548870834     next     edit "Fortinet_CA_Untrusted"         set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."         set range global         set source factory         set last-updated 1548870834     next     edit "Fortinet_SSL"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548870834     next     edit "Fortinet_SSL_RSA1024"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548870834     next     edit "Fortinet_SSL_RSA2048"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548870834     next     edit "Fortinet_SSL_DSA1024"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548870834     next     edit "Fortinet_SSL_DSA2048"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548870834     next     edit "Fortinet_SSL_ECDSA256"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548870834     next     edit "Fortinet_SSL_ECDSA384"         set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "         set range global         set source factory         set last-updated 1548870834     next end config user setting     set auth-cert "Fortinet_Factory" end config user group     edit "SSO_Guest_Users"     next end config user device-group     edit "Mobile Devices"         set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"         set comment "Phones, tablets, etc."     next     edit "Network Devices"         set member "fortinet-device" "other-network-device" "router-nat-device"         set comment "Routers, firewalls, gateways, etc."     next     edit "Others"         set member "gaming-console" "media-streaming"         set comment "Other devices."     next end config vpn ssl web host-check-software     edit "FortiClient-AV"         set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"     next     edit "FortiClient-FW"         set type fw         set guid "528CB157-D384-4593-AAAA-E42DFF111CED"     next     edit "FortiClient-AV-Vista"         set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"     next     edit "FortiClient-FW-Vista"         set type fw         set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"     next     edit "FortiClient-AV-Win7"         set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"     next     edit "AVG-Internet-Security-AV"         set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"     next     edit "AVG-Internet-Security-FW"         set type fw         set guid "8DECF618-9569-4340-B34A-D78D28969B66"     next     edit "AVG-Internet-Security-AV-Vista-Win7"         set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"     next     edit "AVG-Internet-Security-FW-Vista-Win7"         set type fw         set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"     next     edit "CA-Anti-Virus"         set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"     next     edit "CA-Internet-Security-AV"         set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"     next     edit "CA-Internet-Security-FW"         set type fw         set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"     next     edit "CA-Internet-Security-AV-Vista-Win7"         set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"     next     edit "CA-Internet-Security-FW-Vista-Win7"         set type fw         set guid "06D680B0-4024-4FAB-E710-E675E50F6324"     next     edit "CA-Personal-Firewall"         set type fw         set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"     next     edit "F-Secure-Internet-Security-AV"         set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"     next     edit "F-Secure-Internet-Security-FW"         set type fw         set guid "D4747503-0346-49EB-9262-997542F79BF4"     next     edit "F-Secure-Internet-Security-AV-Vista-Win7"         set guid "15414183-282E-D62C-CA37-EF24860A2F17"     next     edit "F-Secure-Internet-Security-FW-Vista-Win7"         set type fw         set guid "2D7AC0A6-6241-D774-E168-461178D9686C"     next     edit "Kaspersky-AV"         set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"     next     edit "Kaspersky-FW"         set type fw         set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"     next     edit "Kaspersky-AV-Vista-Win7"         set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"     next     edit "Kaspersky-FW-Vista-Win7"         set type fw         set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"     next     edit "McAfee-Internet-Security-Suite-AV"         set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"     next     edit "McAfee-Internet-Security-Suite-FW"         set type fw         set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"     next     edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"         set guid "86355677-4064-3EA7-ABB3-1B136EB04637"     next     edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"         set type fw         set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"     next     edit "McAfee-Virus-Scan-Enterprise"         set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"     next     edit "Norton-360-2.0-AV"         set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"     next     edit "Norton-360-2.0-FW"         set type fw         set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"     next     edit "Norton-360-3.0-AV"         set guid "E10A9785-9598-4754-B552-92431C1C35F8"     next     edit "Norton-360-3.0-FW"         set type fw         set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"     next     edit "Norton-Internet-Security-AV"         set guid "E10A9785-9598-4754-B552-92431C1C35F8"     next     edit "Norton-Internet-Security-FW"         set type fw         set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"     next     edit "Norton-Internet-Security-AV-Vista-Win7"         set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"     next     edit "Norton-Internet-Security-FW-Vista-Win7"         set type fw         set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"     next     edit "Symantec-Endpoint-Protection-AV"         set guid "FB06448E-52B8-493A-90F3-E43226D3305C"     next     edit "Symantec-Endpoint-Protection-FW"         set type fw         set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"     next     edit "Symantec-Endpoint-Protection-AV-Vista-Win7"         set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"     next     edit "Symantec-Endpoint-Protection-FW-Vista-Win7"         set type fw         set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"     next     edit "Panda-Antivirus+Firewall-2008-AV"         set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"     next     edit "Panda-Antivirus+Firewall-2008-FW"         set type fw         set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"     next     edit "Panda-Internet-Security-AV"         set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"     next     edit "Panda-Internet-Security-2006~2007-FW"         set type fw         set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"     next     edit "Panda-Internet-Security-2008~2009-FW"         set type fw         set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"     next     edit "Sophos-Anti-Virus"         set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"     next     edit "Sophos-Enpoint-Secuirty-and-Control-FW"         set type fw         set guid "0786E95E-326A-4524-9691-41EF88FB52EA"     next     edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"         set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"     next     edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"         set type fw         set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"     next     edit "Trend-Micro-AV"         set guid "7D2296BC-32CC-4519-917E-52E652474AF5"     next     edit "Trend-Micro-FW"         set type fw         set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"     next     edit "Trend-Micro-AV-Vista-Win7"         set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"     next     edit "Trend-Micro-FW-Vista-Win7"         set type fw         set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"     next     edit "ZoneAlarm-AV"         set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"     next     edit "ZoneAlarm-FW"         set type fw         set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"     next     edit "ZoneAlarm-AV-Vista-Win7"         set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"     next     edit "ZoneAlarm-FW-Vista-Win7"         set type fw         set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"     next     edit "ESET-Smart-Security-AV"         set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"     next     edit "ESET-Smart-Security-FW"         set type fw         set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"     next end config vpn ssl web portal     edit "full-access"         set tunnel-mode enable         set ipv6-tunnel-mode enable         set web-mode enable         set ip-pools "SSLVPN_TUNNEL_ADDR1"         set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"     next     edit "web-access"         set web-mode enable     next     edit "tunnel-access"         set tunnel-mode enable         set ipv6-tunnel-mode enable         set ip-pools "SSLVPN_TUNNEL_ADDR1"         set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"     next end config vpn ssl settings     set servercert "Fortinet_Factory"     set port 443 end config voip profile     edit "default"         set comment "Default VoIP profile."     next     edit "strict"         config sip             set malformed-request-line discard             set malformed-header-via discard             set malformed-header-from discard             set malformed-header-to discard             set malformed-header-call-id discard             set malformed-header-cseq discard             set malformed-header-rack discard             set malformed-header-rseq discard             set malformed-header-contact discard             set malformed-header-record-route discard             set malformed-header-route discard             set malformed-header-expires discard             set malformed-header-content-type discard             set malformed-header-content-length discard             set malformed-header-max-forwards discard             set malformed-header-allow discard             set malformed-header-p-asserted-identity discard             set malformed-header-sdp-v discard             set malformed-header-sdp-o discard             set malformed-header-sdp-s discard             set malformed-header-sdp-i discard             set malformed-header-sdp-c discard             set malformed-header-sdp-b discard             set malformed-header-sdp-z discard             set malformed-header-sdp-k discard             set malformed-header-sdp-a discard             set malformed-header-sdp-t discard             set malformed-header-sdp-r discard             set malformed-header-sdp-m discard         end     next end config webfilter search-engine     edit "google"         set hostname ".*\\.google\\..*"         set url "^\\/((custom|search|images|videosearch|webhp)\\?)"         set query "q="         set safesearch url         set safesearch-str "&safe=active"     next     edit "yahoo"         set hostname ".*\\.yahoo\\..*"         set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"         set query "p="         set safesearch url         set safesearch-str "&vm=r"     next     edit "bing"         set hostname ".*\\.bing\\..*"         set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"         set query "q="         set safesearch header     next     edit "yandex"         set hostname "yandex\\..*"         set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"         set query "text="         set safesearch url         set safesearch-str "&family=yes"     next     edit "youtube"         set hostname ".*youtube.*"         set safesearch header     next     edit "baidu"         set hostname ".*\\.baidu\\.com"         set url "^\\/s?\\?"         set query "wd="     next     edit "baidu2"         set hostname ".*\\.baidu\\.com"         set url "^\\/(ns|q|m|i|v)\\?"         set query "word="     next     edit "baidu3"         set hostname "tieba\\.baidu\\.com"         set url "^\\/f\\?"         set query "kw="     next end config dnsfilter profile     edit "default"         set comment "Default dns filtering."         config ftgd-dns             config filters                 edit 1                     set category 2                 next                 edit 2                     set category 7                 next                 edit 3                     set category 8                 next                 edit 4                     set category 9                 next                 edit 5                     set category 11                 next                 edit 6                     set category 12                 next                 edit 7                     set category 13                 next                 edit 8                     set category 14                 next                 edit 9                     set category 15                 next                 edit 10                     set category 16                 next                 edit 11                 next                 edit 12                     set category 57                 next                 edit 13                     set category 63                 next                 edit 14                     set category 64                 next                 edit 15                     set category 65                 next                 edit 16                     set category 66                 next                 edit 17                     set category 67                 next                 edit 18                     set category 26                     set action block                 next                 edit 19                     set category 61                     set action block                 next                 edit 20                     set category 86                     set action block                 next                 edit 21                     set category 88                     set action block                 next                 edit 22                     set category 90                     set action block                 next                 edit 23                     set category 91                     set action block                 next             end         end         set block-botnet enable     next end config spamfilter profile     edit "default"         set comment "Malware and phishing URL filtering."     next     edit "sniffer-profile"         set comment "Malware and phishing URL monitoring."         set flow-based enable     next end config firewall schedule recurring     edit "always"         set day sunday monday tuesday wednesday thursday friday saturday     next     edit "none"     next end config firewall profile-protocol-options     edit "default"         set comment "All default services."         config http             set ports 80             unset options             unset post-lang         end         config ftp             set ports 21             set options splice         end         config imap             set ports 143             set options fragmail         end         config mapi             set ports 135             set options fragmail         end         config pop3             set ports 110             set options fragmail         end         config smtp             set ports 25             set options fragmail splice         end         config nntp             set ports 119             set options splice         end         config dns             set ports 53         end     next end config firewall ssl-ssh-profile     edit "certificate-inspection"         set comment "Read-only SSL handshake inspection profile."         config https             set ports 443             set status certificate-inspection         end         config ftps             set status disable         end         config imaps             set status disable         end         config pop3s             set status disable         end         config smtps             set status disable         end         config ssh             set ports 22             set status disable         end     next     edit "deep-inspection"         set comment "Read-only deep inspection profile."         config https             set ports 443         end         config ftps             set ports 990         end         config imaps             set ports 993         end         config pop3s             set ports 995         end         config smtps             set ports 465         end         config ssh             set ports 22         end         config ssl-exempt             edit 1                 set fortiguard-category 31             next             edit 2                 set fortiguard-category 33             next             edit 3                 set type address                 set address "google-play"             next             edit 4                 set type address                 set address "update.microsoft.com"             next             edit 5                 set type address                 set address "swscan.apple.com"             next             edit 6                 set type address                 set address "autoupdate.opera.com"             next             edit 7                 set type wildcard-fqdn                 set wildcard-fqdn "g-android"             next             edit 8                 set type wildcard-fqdn                 set wildcard-fqdn "g-apple"             next             edit 9                 set type wildcard-fqdn                 set wildcard-fqdn "g-appstore"             next             edit 10                 set type wildcard-fqdn                 set wildcard-fqdn "g-citrix"             next             edit 11                 set type wildcard-fqdn                 set wildcard-fqdn "g-eease"             next             edit 12                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-drive"             next             edit 13                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-play2"             next             edit 14                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-play3"             next             edit 15                 set type wildcard-fqdn                 set wildcard-fqdn "g-Gotomeeting"             next             edit 16                 set type wildcard-fqdn                 set wildcard-fqdn "g-microsoft"             next             edit 17                 set type wildcard-fqdn                 set wildcard-fqdn "g-adobe"             next             edit 18                 set type wildcard-fqdn                 set wildcard-fqdn "g-Adobe Login"             next             edit 19                 set type wildcard-fqdn                 set wildcard-fqdn "g-dropbox.com"             next             edit 20                 set type wildcard-fqdn                 set wildcard-fqdn "g-fortinet"             next             edit 21                 set type wildcard-fqdn                 set wildcard-fqdn "g-googleapis.com"             next             edit 22                 set type wildcard-fqdn                 set wildcard-fqdn "g-icloud"             next             edit 23                 set type wildcard-fqdn                 set wildcard-fqdn "g-itunes"             next             edit 24                 set type wildcard-fqdn                 set wildcard-fqdn "g-skype"             next             edit 25                 set type wildcard-fqdn                 set wildcard-fqdn "g-verisign"             next             edit 26                 set type wildcard-fqdn                 set wildcard-fqdn "g-Windows update 2"             next             edit 27                 set type wildcard-fqdn                 set wildcard-fqdn "g-auth.gfx.ms"             next             edit 28                 set type wildcard-fqdn                 set wildcard-fqdn "g-softwareupdate.vmware.com"             next             edit 29                 set type wildcard-fqdn                 set wildcard-fqdn "g-firefox update server"             next             edit 30                 set type wildcard-fqdn                 set wildcard-fqdn "g-live.com"             next         end     next     edit "custom-deep-inspection"         set comment "Customizable deep inspection profile."         config https             set ports 443         end         config ftps             set ports 990         end         config imaps             set ports 993         end         config pop3s             set ports 995         end         config smtps             set ports 465         end         config ssh             set ports 22         end         config ssl-exempt             edit 1                 set fortiguard-category 31             next             edit 2                 set fortiguard-category 33             next             edit 3                 set type address                 set address "google-play"             next             edit 4                 set type address                 set address "update.microsoft.com"             next             edit 5                 set type address                 set address "swscan.apple.com"             next             edit 6                 set type address                 set address "autoupdate.opera.com"             next             edit 7                 set type wildcard-fqdn                 set wildcard-fqdn "g-android"             next             edit 8                 set type wildcard-fqdn                 set wildcard-fqdn "g-apple"             next             edit 9                 set type wildcard-fqdn                 set wildcard-fqdn "g-appstore"             next             edit 10                 set type wildcard-fqdn                 set wildcard-fqdn "g-citrix"             next             edit 11                 set type wildcard-fqdn                 set wildcard-fqdn "g-eease"             next             edit 12                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-drive"             next             edit 13                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-play2"             next             edit 14                 set type wildcard-fqdn                 set wildcard-fqdn "g-google-play3"             next             edit 15                 set type wildcard-fqdn                 set wildcard-fqdn "g-Gotomeeting"             next             edit 16                 set type wildcard-fqdn                 set wildcard-fqdn "g-microsoft"             next             edit 17                 set type wildcard-fqdn                 set wildcard-fqdn "g-adobe"             next             edit 18                 set type wildcard-fqdn                 set wildcard-fqdn "g-Adobe Login"             next             edit 19                 set type wildcard-fqdn                 set wildcard-fqdn "g-dropbox.com"             next             edit 20                 set type wildcard-fqdn                 set wildcard-fqdn "g-fortinet"             next             edit 21                 set type wildcard-fqdn                 set wildcard-fqdn "g-googleapis.com"             next             edit 22                 set type wildcard-fqdn                 set wildcard-fqdn "g-icloud"             next             edit 23                 set type wildcard-fqdn                 set wildcard-fqdn "g-itunes"             next             edit 24                 set type wildcard-fqdn                 set wildcard-fqdn "g-skype"             next             edit 25                 set type wildcard-fqdn                 set wildcard-fqdn "g-verisign"             next             edit 26                 set type wildcard-fqdn                 set wildcard-fqdn "g-Windows update 2"             next             edit 27                 set type wildcard-fqdn                 set wildcard-fqdn "g-auth.gfx.ms"             next             edit 28                 set type wildcard-fqdn                 set wildcard-fqdn "g-softwareupdate.vmware.com"             next             edit 29                 set type wildcard-fqdn                 set wildcard-fqdn "g-firefox update server"             next             edit 30                 set type wildcard-fqdn                 set wildcard-fqdn "g-live.com"             next         end     next end config waf profile     edit "default"         config signature             config main-class 100000000                 set action block                 set severity high             end             config main-class 20000000             end             config main-class 30000000                 set status enable                 set action block                 set severity high             end             config main-class 40000000             end             config main-class 50000000                 set status enable                 set action block                 set severity high             end             config main-class 60000000             end             config main-class 70000000                 set status enable                 set action block                 set severity high             end             config main-class 80000000                 set status enable                 set severity low             end             config main-class 110000000                 set status enable                 set severity high             end             config main-class 90000000                 set status enable                 set action block                 set severity high             end             set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002         end         config constraint             config header-length                 set status enable                 set log enable                 set severity low             end             config content-length                 set status enable                 set log enable                 set severity low             end             config param-length                 set status enable                 set log enable                 set severity low             end             config line-length                 set status enable                 set log enable                 set severity low             end             config url-param-length                 set status enable                 set log enable                 set severity low             end             config version                 set log enable             end             config method                 set action block                 set log enable             end             config hostname                 set action block                 set log enable             end             config malformed                 set log enable             end             config max-cookie                 set status enable                 set log enable                 set severity low             end             config max-header-line                 set status enable                 set log enable                 set severity low             end             config max-url-param                 set status enable                 set log enable                 set severity low             end             config max-range-segment                 set status enable                 set log enable                 set severity high             end         end     next end config firewall ssh setting     set caname "g-Fortinet_SSH_CA"     set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"     set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"     set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"     set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"     set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"     set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"     set hostkey-ed25519 "g-Fortinet_SSH_ED25519" end config switch-controller switch-profile     edit "default"     next end config endpoint-control profile     edit "default"         config forticlient-winmac-settings         end         config forticlient-android-settings         end         config forticlient-ios-settings         end     next end config wireless-controller wids-profile     edit "default"         set comment "Default WIDS profile."         set ap-scan enable         set wireless-bridge enable         set deauth-broadcast enable         set null-ssid-probe-resp enable         set long-duration-attack enable         set invalid-mac-oui enable         set weak-wep-iv enable         set auth-frame-flood enable         set assoc-frame-flood enable         set spoofed-deauth enable         set asleap-attack enable         set eapol-start-flood enable         set eapol-logoff-flood enable         set eapol-succ-flood enable         set eapol-fail-flood enable         set eapol-pre-succ-flood enable         set eapol-pre-fail-flood enable     next     edit "default-wids-apscan-enabled"         set ap-scan enable     next end config wireless-controller wtp-profile     edit "FAPU323EV-default"         config platform             set type U323EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU321EV-default"         config platform             set type U321EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU24JEV-default"         config platform             set type U24JEV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU223EV-default"         config platform             set type U223EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU221EV-default"         config platform             set type U221EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU423E-default"         config platform             set type U423E         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU422EV-default"         config platform             set type U422EV         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPU421E-default"         config platform             set type U421E         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n         end         config radio-2             set band 802.11ac         end     next     edit "FAPS223E-default"         config platform             set type S223E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS221E-default"         config platform             set type S221E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP224E-default"         config platform             set type 224E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP223E-default"         config platform             set type 223E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP222E-default"         config platform             set type 222E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP221E-default"         config platform             set type 221E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP423E-default"         config platform             set type 423E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP421E-default"         config platform             set type 421E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS423E-default"         config platform             set type S423E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS422E-default"         config platform             set type S422E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS421E-default"         config platform             set type S421E         end         set handoff-sta-thresh 55         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS323CR-default"         config platform             set type S323CR         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS322CR-default"         config platform             set type S322CR         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS321CR-default"         config platform             set type S321CR         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS313C-default"         config platform             set type S313C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11ac         end     next     edit "FAPS311C-default"         config platform             set type S311C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11ac         end     next     edit "FAPS323C-default"         config platform             set type S323C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS322C-default"         config platform             set type S322C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAPS321C-default"         config platform             set type S321C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP321C-default"         config platform             set type 321C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP223C-default"         config platform             set type 223C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP112D-default"         config platform             set type 112D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP24D-default"         config platform             set type 24D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP21D-default"         config platform             set type 21D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FK214B-default"         config platform             set type 214B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP224D-default"         config platform             set type 224D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n-5G         end         config radio-2             set band 802.11n,g-only         end     next     edit "FAP222C-default"         config platform             set type 222C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP25D-default"         config platform             set type 25D         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP221C-default"         config platform             set type 221C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP320C-default"         config platform             set type 320C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11ac         end     next     edit "FAP28C-default"         config platform             set type 28C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP223B-default"         config platform             set type 223B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n-5G         end         config radio-2             set band 802.11n,g-only         end     next     edit "FAP14C-default"         config platform             set type 14C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP11C-default"         config platform             set type 11C         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP320B-default"         config platform             set type 320B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n-5G         end         config radio-2             set band 802.11n,g-only         end     next     edit "FAP112B-default"         config platform             set type 112B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP222B-default"         config platform             set type 222B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end         config radio-2             set band 802.11n-5G         end     next     edit "FAP210B-default"         config platform             set type 210B         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next     edit "FAP220B-default"         set handoff-sta-thresh 30         config radio-1             set band 802.11n-5G         end         config radio-2             set band 802.11n,g-only         end     next     edit "AP-11N-default"         config platform             set type AP-11N         end         set handoff-sta-thresh 30         config radio-1             set band 802.11n,g-only         end     next end config log memory setting     set status enable end config log null-device setting     set status disable end config router rip     config redistribute "connected"     end     config redistribute "static"     end     config redistribute "ospf"     end     config redistribute "bgp"     end     config redistribute "isis"     end end config router ripng     config redistribute "connected"     end     config redistribute "static"     end     config redistribute "ospf"     end     config redistribute "bgp"     end     config redistribute "isis"     end end config router static     edit 1         set gateway 10.11.24.5         set device "lan1"     next end config router ospf     config redistribute "connected"     end     config redistribute "static"     end     config redistribute "rip"     end     config redistribute "bgp"     end     config redistribute "isis"     end end config router ospf6     config redistribute "connected"     end     config redistribute "static"     end     config redistribute "rip"     end     config redistribute "bgp"     end     config redistribute "isis"     end end config router bgp     config redistribute "connected"     end     config redistribute "rip"     end     config redistribute "ospf"     end     config redistribute "static"     end     config redistribute "isis"     end     config redistribute6 "connected"     end     config redistribute6 "rip"     end     config redistribute6 "ospf"     end     config redistribute6 "static"     end     config redistribute6 "isis"     end end config router isis     config redistribute "connected"     end     config redistribute "rip"     end     config redistribute "ospf"     end     config redistribute "bgp"     end     config redistribute "static"     end     config redistribute6 "connected"     end     config redistribute6 "rip"     end     config redistribute6 "ospf"     end     config redistribute6 "bgp"     end     config redistribute6 "static"     end end config router multicast end end

0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors